Read from Microsoft SQL Server with Windows, SQL, and Azure AD authentication
## Overview The SQL Server connector enables DeltaForge to read data from SQL Server 2016+ and Azure SQL Database. Connections are configured through the GUI on the Configuration > Connections page. Once a connection is registered, remote tables and views are automatically discovered and appear in the catalog under the Database Tables section, where they can be browsed and queried using standard SQL with the zone.schema.table naming pattern. ## Configuration Database connections are not defined in SQL. Instead, use the Configuration > Connections page in the DeltaForge GUI to create a new SQL Server connection. Provide the host, port, database, credentials, authentication method, and encryption settings. After the connection is saved and tested, the connector introspects the target schema and populates the catalog with the available tables. Once registered, remote SQL Server tables can be queried directly: ```sql SELECT * FROM my_zone.dbo.orders WHERE status = 'shipped'; ``` ## Authentication Three authentication methods are supported: 1. **SQL authentication**: Provide username and password. Standard login credentials are validated by the SQL Server instance. 2. **Windows Integrated authentication**: Set trusted_connection to true. The connector authenticates using the operating system identity (Kerberos/NTLM) of the running process. The username and password options are ignored in this mode. 3. **Azure Active Directory**: Set azure_ad_auth to true. The connector acquires an OAuth token using the configured Azure AD credentials. This is the recommended method for Azure SQL Database and Azure SQL Managed Instance, as it integrates with conditional access policies. Encryption is controlled independently from authentication. Set encrypt to true and trust_server_cert to false for production environments to ensure both TLS encryption and server certificate validation. Azure SQL Database always enforces encryption regardless of these settings. Passwords are stored in the secure credential vault and never persisted in plaintext. ## Key Options The connector supports two data-access modes: - **Table mode**: Set the table option to read from a specific table within the configured schema. The connector generates a SELECT * and can push WHERE predicates and column projections down to the source, reducing data transfer. - **Query mode**: Set the query option to execute an arbitrary T-SQL statement on the source server. This supports CTEs, window functions, CROSS APPLY, and other SQL Server-specific features. The query is sent to the source as-is. Only one mode may be active at a time. - **trusted_connection**: Enables Windows Integrated authentication using the process identity. - **azure_ad_auth**: Enables Azure AD token-based authentication for cloud-hosted instances. - **encrypt / trust_server_cert**: Control TLS encryption and certificate validation behavior. - **max_connections**: Connection pool size, managed internally with automatic reconnection on transient failures.