Using Entra ID for authenticating in drizzle.config.ts

Attempting to use best practices and use the service principal in our Azure to authenticate to postgres, however I cannot do awaits inside the drizzle.config.ts, so I cannot retrieve the token when running drizzle-kit push
import { defineConfig, type Config } from 'drizzle-kit';
if (!process.env.DATABASE_URL) throw new Error('DATABASE_URL is not set');

import { ClientSecretCredential, DefaultAzureCredential } from '@azure/identity';

const host = "elephant-dev.postgres.database.azure.com:5432/sagalabs";
const database = "sagalabs";
const port = 5432;
const ssl = true;

const credential = new DefaultAzureCredential();
var accessToken = await credential.getToken('https://ossrdbms-aad.database.windows.net/.default');


export default defineConfig({
  schema: './src/lib/schema.ts',
  dbCredentials: {
    host: host,
    database: database,
    port: port,
    user: `SagaLabs-Dev-staging`,
    password: accessToken.token,
    ssl: ssl ? { rejectUnauthorized: false } : false,
  },
  verbose: true,
  strict: true,
  dialect: 'postgresql'
}) satisfies Config;
7 Replies
DJ Mogens (OP), 3mo ago
PS C:\git\SagaLabsAps\SagaLabs-frontend-2.0> npx drizzle-kit push
No config path provided, using default 'drizzle.config.ts'
Reading config file 'C:\git\SagaLabsAps\SagaLabs-frontend-2.0\drizzle.config.ts'
Transform failed with 1 error:
C:\git\SagaLabsAps\SagaLabs-frontend-2.0\drizzle.config.ts:12:18: ERROR: Top-level await is currently not supported with the "cjs" output format
DJ Mogens (OP), 3mo ago
I guess this is actually the issue I am facing: https://github.com/drizzle-team/drizzle-orm/issues/1982
GitHub
[FEATURE]: Support Top-level await in drizzle.config.ts · Issue ...
Describe what you want I want to write a configuration as follows. Here, fetchDatabaseUri is a function that retrieves authentication information from AWS Secrets Manager and returns the database U...
DJ Mogens (OP), 3mo ago
GitHub
Add support for async configs by guillaumervls · Pull Request #407...
Description defineConfig now accepts a promise for a config or function that returns one - fixes #1982 Testing Added a test in drizzle-kit/tests/cli-async-config.test.ts
sMoZely, 3mo ago
Depending on the 'pg' driver, the password property can be an async function that returns the password to use. We use this for the IAM auth in AWS, I assume you'd be able to do similar, e.g.:
dbCredentials: {
  host: host,
  database: database,
  port: port,
  user: `SagaLabs-Dev-staging`,
  password: async () => (await credential.getToken('https://ossrdbms-aad.database.windows.net/.default')).token,
  ssl: ssl ? { rejectUnauthorized: false } : false,
},
DJ Mogens (OP), 3mo ago
I'll try that.
Doesn't seem to work with the drizzle.config.ts :/
Seems to bypass the initial check that was:
PS C:\git\SagaLabsAps\SagaLabs-frontend-2.0> npx drizzle-kit push
No config path provided, using default 'drizzle.config.ts'
Reading config file 'C:\git\SagaLabsAps\SagaLabs-frontend-2.0\drizzle.config.ts'
Transform failed with 1 error:
C:\git\SagaLabsAps\SagaLabs-frontend-2.0\drizzle.config.ts:33:41: ERROR: Top-level await is currently not supported with the "cjs" output format
Instead, after your fix, I got this:
PS C:\git\SagaLabsAps\SagaLabs-frontend-2.0> npx drizzle-kit push
No config path provided, using default 'drizzle.config.ts'
Reading config file 'C:\git\SagaLabsAps\SagaLabs-frontend-2.0\drizzle.config.ts'
Error Please provide required params for Postgres driver:
[✓] host: 'elephant-dev.postgres.database.azure.com:5432'
[✓] port: '5432'
[✓] user: 'SagaLabs-Dev-staging'
password?:
[✓] database: 'sagalabs'
[✓] ssl: 'require'
Just looks like the password is missing :/ as it is not receiving a string value, but an async function
sMoZely, 3mo ago
Ah sorry, my bad, I misread part of your message. We don't actually use drizzle-kit when running against our remotes (we don't really use it much at all). It's creating the postgres connection ourselves and then passing it to a drizzle instance ... e.g. (not the real code, but as an example)
import { Pool } from 'pg';
import { drizzle, type NodePgDatabase } from 'drizzle-orm/node-postgres';
import { DefaultAzureCredential } from '@azure/identity';
import * as schema from './schema'; // the app's Drizzle schema module (path assumed)

const credential = new DefaultAzureCredential();

const queryClient = new Pool({
  host: process.env.DB_HOST,
  port: Number(process.env.DB_PORT),
  database: process.env.DB_NAME,
  user: process.env.DB_USER,
  // pg calls this function whenever it opens a new connection
  password: async () => (await credential.getToken('https://ossrdbms-aad.database.windows.net/.default')).token,
});

const db: NodePgDatabase<typeof schema> = drizzle(queryClient, {
  schema,
});
And it's the postgres pool function that allows passing an async function, not at the drizzle layer
DJ Mogens (OP), 3mo ago
Yep, that is also what we are doing inside of the app. It's just a problem in the config. But again, it should be fixed with that PR
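
A workaround for the config limitation discussed in this thread, as an added example that is not code from any participant or from drizzle-kit: a wrapper fetches the Entra ID token first and hands it to `drizzle-kit push` through the child process environment, so `drizzle.config.ts` can read it synchronously. The variable name `DRIZZLE_PG_TOKEN`, the `--push` switch, the file name and the five-minute expiry margin are assumptions of this example.

```javascript
// Added example (not from the thread). drizzle.config.ts then stays synchronous:
//   password: process.env.DRIZZLE_PG_TOKEN   // hypothetical variable name
// The token is a bearer secret: keep TLS certificate verification enabled in
// the config that consumes it, and never print or log the token itself.
const SCOPE = 'https://ossrdbms-aad.database.windows.net/.default';
const MIN_REMAINING_MS = 5 * 60 * 1000; // assumed safety margin

// Reject tokens that are missing or would expire in the middle of a push.
function validateToken(accessToken, nowMs = Date.now()) {
  if (!accessToken || typeof accessToken.token !== 'string' || accessToken.token === '') {
    throw new Error('credential returned no token');
  }
  const remaining = accessToken.expiresOnTimestamp - nowMs;
  if (!(remaining >= MIN_REMAINING_MS)) {
    throw new Error('token expires too soon for a schema push');
  }
  return accessToken.token;
}

// Copy the parent environment and add the token. Nothing goes on the command
// line, where it would show up in process listings and shell history.
function buildChildEnv(baseEnv, token) {
  return { ...baseEnv, DRIZZLE_PG_TOKEN: token };
}

// Accepts any object exposing getToken(scope), e.g. DefaultAzureCredential.
async function fetchDbToken(credential, nowMs = Date.now()) {
  return validateToken(await credential.getToken(SCOPE), nowMs);
}

async function main() {
  const { DefaultAzureCredential } = await import('@azure/identity');
  const { spawnSync } = await import('node:child_process');
  const token = await fetchDbToken(new DefaultAzureCredential());
  // shell: true so that npx resolves on Windows (npx.cmd).
  const result = spawnSync('npx drizzle-kit push', {
    stdio: 'inherit', shell: true, env: buildChildEnv(process.env, token),
  });
  process.exitCode = result.status ?? 1;
}

// Only runs when invoked as: node push-with-token.mjs --push
if (process.argv.includes('--push')) {
  main().catch((err) => { console.error(err.message); process.exitCode = 1; });
}
```

Because the token is fetched once per run, a push that outlives the token's lifetime still fails at the next new connection; the expiry margin only guards against starting with a nearly expired token.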
