I’m running Liquibase database migrations against Azure SQL in a GitHub Actions pipeline, authenticating as an Azure Service Principal (already logged in via azure/login@v2). I want to avoid storing SQL username/password credentials and use Azure AD authentication instead.
Liquibase version: 4.32.0 (community, via liquibase/setup-liquibase@v2)
JDBC URL:
jdbc:sqlserver://.server.net:1433;
databaseName=;
encrypt=true;
hostNameInCertificate=*.server.net;
authentication=ActiveDirectoryServicePrincipal;
loginTimeout=30
Credentials passed as:
--username= Azure SP Client ID (appId)--password= Azure SP Client Secret
Workflow:
- name: Run Liquibase Update
env:
LB_USERNAME: ${{ secrets.AZURE_CLIENT_ID }}
LB_PASSWORD: ${{ secrets.AZURE_CLIENT_SECRET }}
run: |
liquibase \
--url="${DB_URL}" \
--username="$LB_USERNAME" \
--password="$LB_PASSWORD" \
--changeLogFile="changelog-master.yml" \
update
Error:
ERROR: Exception Primary Class: SQLServerException
ERROR: Exception Primary Reason: Failed to load MSAL4J Java library for
performing ActiveDirectoryServicePrincipal authentication.
ERROR: Exception Primary Source: 5.0.0
Unexpected error running Liquibase: Connection could not be created to
jdbc:sqlserver://.server.net:1433;databaseName=;
encrypt=true;hostNameInCertificate=*.database.windows.net;
authentication=ActiveDirectoryServicePrincipal;loginTimeout=30
with driver com.microsoft.sqlserver.jdbc.SQLServerDriver.
Failed to load MSAL4J Java library for performing
ActiveDirectoryServicePrincipal authentication.
Has anyone successfully connected Liquibase CLI to Azure SQL using Service Principal auth in GitHub Actions?