Skip to main content
Available in arize-phoenix 14.8.0+ Phoenix now supports Microsoft Entra managed-identity authentication when connecting to Azure Database for PostgreSQL (Flexible Server). Set two environment variables and install the azure extra — Phoenix handles token acquisition and refresh automatically on every new database connection.

Setup

Install the azure extra to pull in azure-identity and aiohttp: 
pip install 'arize-phoenix[azure]'
Set the required environment variables: 
PHOENIX_POSTGRES_USE_AZURE_MANAGED_IDENTITY=true
PHOENIX_SQL_DATABASE_URL=postgresql+asyncpg://<user>@<host>/<db>
PHOENIX_POSTGRES_AZURE_SCOPE defaults to https://ossrdbms-aad.database.windows.net/.default. Override it only if you are running in a sovereign cloud such as Azure US Government: 
PHOENIX_POSTGRES_AZURE_SCOPE=https://ossrdbms-aad.database.usgovcloudapi.net/.default

Notes

  • Mutual exclusionPHOENIX_POSTGRES_USE_AZURE_MANAGED_IDENTITY and PHOENIX_POSTGRES_USE_AWS_IAM_AUTH cannot both be true; Phoenix raises a ValueError at startup if both are set.
  • PHOENIX_POSTGRES_AWS_IAM_TOKEN_LIFETIME_SECONDS is deprecated — the env var is now silently ignored with a startup warning. Connection pool hygiene is managed internally.

Using Azure Managed Identity

Full setup guide for Azure managed-identity PostgreSQL connections.

Amazon Aurora (AWS IAM)

Configure AWS RDS IAM authentication for PostgreSQL.