I am deploying to an azure synapse environment queries using sqlcmd to serverless pool.
The environment contains an SQL database that my deploying account has access to.
I am creating first the credentials to access a cosmosDB with :
CREATE DATABASE SCOPED CREDENTIAL [mycosmos] WITH IDENTITY = 'SHARED ACCESS SIGNATURE', SECRET = '<accessKeyToCosmosAccount>'
Then using the openrowset with the created credentials to retrieve records from the aforementioned COSMOSDB
SELECT TOP (100) *
from OPENROWSET (
PROVIDER = 'CosmosDB',
CONNECTION = 'Account=mycosmos;Database=reporting;',
OBJECT = 'data',
CREDENTIAL = 'mycosmos'
) as o;
however executing the latter gives the following error:
Resolving CosmosDB path has failed with error 'Secret is not base64 encoded.'.
Does anyone has tips or ideas on how to get more information or to understand the issue at hand?
the credentials are indeed created and I checked that by using:
SELECT * FROM SYS.database_scoped_credentials
I also tried to base64 the secret accessKeyToCosmosAccount using
echo $mysecret | tr -d 'nr' | base64 -w 0
to no avail (I still keep getting the same error)
thanks
2
Answers
Hi thanks for your quick answer. turns out it was indeed the secret which we retrieve with an
az cosmosdb keys list --name <name> -g <resource-group> --query 'primaryReadonlyMasterKey' -o tsvSomething wrong happens when we use the sqlcmd and pass the secret with -v. turns out passing variables with
=sign results in sqlcmd trimming the rest (see Escape variable in sqlcmd / Invoke-SqlCmd)I think this issue is not much relevant to Synapse than it is to sqlcmd. I will continue the conversation there.
I tried to reproduce similar scenario in my environment and faced similar error.
After researching I found that cause of error is the incorrect secret.
To resolve this, check your secret/primary key is correct.
To get connection string you can go to your cosmos db account >> Settings >> Keys >> Primary Key.
My code:
Execution and Output: