--- id: sm-azure-postgres name: "azure-postgres" url: https://skills.yangsir.net/skill/sm-azure-postgres author: microsoft domain: ai-data-management-analysis tags: ["azure-database-for-postgresql", "relational-databases", "sql", "database-management", "cloud-databases"] install_count: 34800 rating: 4.60 (1392 reviews) github: https://github.com/microsoft/github-copilot-for-azure --- # azure-postgres > 专为Azure PostgreSQL数据库设计的GitHub Copilot,提供智能代码辅助,帮助开发者高效管理和优化数据库操作。 **Stats**: 34,800 installs · 4.6/5 (1392 reviews) ## Before / After 对比 ### Azure PostgreSQL数据库管理优化 ## Readme # azure-postgres # Azure Database for PostgreSQL Configure passwordless authentication with Microsoft Entra ID for existing Azure Database for PostgreSQL Flexible Server. This skill focuses on setting up Entra ID authentication, managing user access, and migrating from password-based authentication. **Primary use cases:** - Migrating existing PostgreSQL databases from password to Entra ID authentication - Setting up developer access with Azure identities - Configuring managed identity access for Azure-hosted applications - Managing group-based access control and permissions ## MCP Tools (Preferred) When Azure MCP is enabled, use these tools for PostgreSQL operations: - `azure__postgres` with command `postgres_server_list` - List PostgreSQL servers - `azure__postgres` with command `postgres_database_list` - List databases on a server - `azure__postgres` with command `postgres_database_query` - Execute SQL queries - `azure__postgres` with command `postgres_server_param_get` - Get server parameters - `azure__postgres` with command `postgres_server_param_set` - Set server parameters ## CLI Commands (Fallback) ``` az postgres flexible-server list --output table az postgres flexible-server db list --server-name SERVER -g RG az postgres flexible-server show --name SERVER -g RG az postgres flexible-server create --name SERVER -g RG --location REGION --admin-user ADMIN --version 16 ``` ## Quick Reference Property Value CLI prefix `az postgres flexible-server` MCP tools `azure__postgres` Best for Relational data, PostgreSQL compatibility, PostGIS Engine versions PostgreSQL 11, 12, 13, 14, 15, 16 (recommended) ## Working with Existing PostgreSQL Servers This skill primarily focuses on configuring authentication for existing PostgreSQL servers. If you need to reference or create servers, use MCP tools or CLI commands, and provide Azure Portal links for easy access. **Portal Link Format:** ``` https://portal.azure.com/#@{tenant-domain}/resource/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.DBforPostgreSQL/flexibleServers/{server-name}/overview ``` **Example portal link:** ``` View in Azure Portal: https://portal.azure.com/#resource/subscriptions/abc123.../resourceGroups/myrg/providers/Microsoft.DBforPostgreSQL/flexibleServers/myserver/overview ``` ## Microsoft Entra ID Authentication (Critical) **⚠️ ALWAYS use passwordless authentication with Entra ID for production workloads.** ### Complete Setup Guide **[→ Microsoft Entra ID Authentication Setup Guide](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/./references/entra-rbac-overview.md)** This guide covers: - Enabling Entra ID authentication on PostgreSQL servers - Creating PostgreSQL roles mapped to Azure identities - Granting database permissions - Connecting with access tokens instead of passwords ### Quick Setup Patterns Use these patterns based on your scenario: Scenario Guide Link Use When **Developer Access** [Pattern 1](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/./references/entra-rbac-overview.md#pattern-1-developer-user-access) Grant developers access with their Azure identity **App Authentication** [Pattern 2](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/./references/entra-rbac-overview.md#pattern-2-managed-identity-for-applications) Passwordless access for Azure-hosted apps (Container Apps, App Service, Functions) **Team Access** [Pattern 3](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/./references/entra-rbac-overview.md#pattern-3-group-based-access-control) Manage permissions via Azure AD groups **Connection Issues** [Troubleshooting](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/./references/troubleshooting.md) Diagnose authentication and connection failures **Migration** [Pattern 5](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/./references/entra-rbac-overview.md#pattern-5-migration-from-password-auth) Transition from password to Entra ID authentication ## Service Tiers Tier vCores Memory Use Case Burstable 1-20 0.5-4 GB/vCore Dev/test, low traffic General Purpose 2-64 4 GB/vCore Most production workloads Memory Optimized 2-64 8 GB/vCore High-memory workloads **Start with Burstable for dev/test, scale up as needed.** ## Common Issues Issue Cause Solution `role does not exist` Role not created in database Run `pgaadauth_create_principal` - [see guide](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/./references/entra-rbac-overview.md) `password authentication failed` Token expired (5-60 min validity) Get fresh token: `az account get-access-token --resource-type oss-rdbms` `permission denied` Role lacks permissions Run `GRANT` statements - [see templates](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/./references/permission-templates.md) Connection timeout Firewall blocking access Add firewall rule: `az postgres flexible-server firewall-rule create` Guest user login fails Wrong UPN format Use full UPN with `#EXT#` tag from Azure AD ## SDK Quick References - **PostgreSQL Client**: [TypeScript](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/references/sdk/azure-postgres-ts.md) - **Azure Identity**: [Python](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/references/sdk/azure-identity-py.md) | [TypeScript](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/references/sdk/azure-identity-ts.md) - **PostgreSQL Mgmt**: [.NET](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/references/sdk/azure-resource-manager-postgresql-dotnet.md) ## References - [Microsoft Entra ID Authentication Setup](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/./references/entra-rbac-overview.md) - Complete passwordless authentication guide - [SQL Functions](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/./references/sql-functions.md) - Entra ID role management functions - [Permission Templates](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/./references/permission-templates.md) - Common permission patterns - [Troubleshooting](https://github.com/microsoft/github-copilot-for-azure/blob/HEAD/plugin/skills/azure-postgres/./references/troubleshooting.md) - Connection and auth issues Weekly Installs34.8KRepository[microsoft/githu…or-azure](https://github.com/microsoft/github-copilot-for-azure)GitHub Stars157First SeenFeb 4, 2026Security Audits[Gen Agent Trust HubPass](/microsoft/github-copilot-for-azure/azure-postgres/security/agent-trust-hub)[SocketPass](/microsoft/github-copilot-for-azure/azure-postgres/security/socket)[SnykPass](/microsoft/github-copilot-for-azure/azure-postgres/security/snyk)Installed ongithub-copilot34.7Kcodex50gemini-cli48opencode45amp42kimi-cli42 --- *Source: https://skills.yangsir.net/skill/sm-azure-postgres* *Markdown mirror: https://skills.yangsir.net/api/skill/sm-azure-postgres/markdown*