.agents/skills/azure-postgres/SKILL.md
Create new Azure Database for PostgreSQL Flexible Server instances and configure passwordless authentication with Microsoft Entra ID. Set up developer access, managed identities for apps, group-based permissions, and migrate from password-based to Entra ID authentication. Trigger phrases include "passwordless for postgres", "entra id postgres", "azure ad postgres authentication", "postgres managed identity", "migrate postgres to passwordless".
npx skillsauth add Tyler-R-Kendrick/agent-skills azure-postgres
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
Configure passwordless authentication with Microsoft Entra ID for existing Azure Database for PostgreSQL Flexible Server. This skill focuses on setting up Entra ID authentication, managing user access, and migrating from password-based authentication.
Primary use cases:
When Azure MCP is enabled, use these tools for PostgreSQL operations:
- azure__postgres with command postgres_server_list - List PostgreSQL servers
- azure__postgres with command postgres_database_list - List databases on a server
- azure__postgres with command postgres_database_query - Execute SQL queries
- azure__postgres with command postgres_server_param_get - Get server parameters
- azure__postgres with command postgres_server_param_set - Set server parameters

az postgres flexible-server list --output table
az postgres flexible-server db list --server-name SERVER -g RG
az postgres flexible-server show --name SERVER -g RG
az postgres flexible-server create --name SERVER -g RG --location REGION --admin-user ADMIN --version 16
| Property | Value |
|----------|-------|
| CLI prefix | az postgres flexible-server |
| MCP tools | azure__postgres |
| Best for | Relational data, PostgreSQL compatibility, PostGIS |
| Engine versions | PostgreSQL 11, 12, 13, 14, 15, 16 (recommended) |
This skill primarily focuses on configuring authentication for existing PostgreSQL servers. If you need to reference or create servers, use MCP tools or CLI commands, and provide Azure Portal links for easy access.
Portal Link Format:
https://portal.azure.com/#@{tenant-domain}/resource/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.DBforPostgreSQL/flexibleServers/{server-name}/overview
Example portal link:
View in Azure Portal:
https://portal.azure.com/#resource/subscriptions/abc123.../resourceGroups/myrg/providers/Microsoft.DBforPostgreSQL/flexibleServers/myserver/overview
⚠️ ALWAYS use passwordless authentication with Entra ID for production workloads.
→ Microsoft Entra ID Authentication Setup Guide
This guide covers:
Use these patterns based on your scenario:
| Scenario | Guide Link | Use When |
|----------|------------|----------|
| Developer Access | Pattern 1 | Grant developers access with their Azure identity |
| App Authentication | Pattern 2 | Passwordless access for Azure-hosted apps (Container Apps, App Service, Functions) |
| Team Access | Pattern 3 | Manage permissions via Azure AD groups |
| Connection Issues | Troubleshooting | Diagnose authentication and connection failures |
| Migration | Pattern 5 | Transition from password to Entra ID authentication |

| Tier | vCores | Memory | Use Case |
|------|--------|--------|----------|
| Burstable | 1-20 | 0.5-4 GB/vCore | Dev/test, low traffic |
| General Purpose | 2-64 | 4 GB/vCore | Most production workloads |
| Memory Optimized | 2-64 | 8 GB/vCore | High-memory workloads |
Start with Burstable for dev/test, scale up as needed.
| Issue | Cause | Solution |
|-------|-------|----------|
| role does not exist | Role not created in database | Run pgaadauth_create_principal - see guide |
| password authentication failed | Token expired (5-60 min validity) | Get fresh token: az account get-access-token --resource-type oss-rdbms |
| permission denied | Role lacks permissions | Run GRANT statements - see templates |
| Connection timeout | Firewall blocking access | Add firewall rule: az postgres flexible-server firewall-rule create |
| Guest user login fails | Wrong UPN format | Use full UPN with #EXT# tag from Azure AD |
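
The expired-token row in the table above can be checked before connecting. This added example (not part of the skill itself) reads the expiry and identity claims from an access token without verifying its signature, for diagnostics only; the function names and the sample token are constructed here.

```python
import base64
import json
import time


def decode_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_status(token, now=None, min_remaining=120):
    """Report who the token is for and whether to fetch a new one first."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    remaining = int(claims["exp"] - now)
    return {
        # Compare this with the PostgreSQL role name when login is rejected.
        "principal": claims.get("upn") or claims.get("appid") or claims.get("oid"),
        "seconds_remaining": remaining,
        # min_remaining is an assumed safety margin, not a documented value.
        "refresh": remaining < min_remaining,
    }


def make_sample_token(exp, upn):
    """Build an unsigned, constructed token so the example runs offline."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([b64(header), b64({"exp": exp, "upn": upn}), "sig"])


if __name__ == "__main__":
    # A real token comes from:
    #   az account get-access-token --resource-type oss-rdbms --query accessToken -o tsv
    sample = make_sample_token(exp=int(time.time()) + 45, upn="dev@example.com")
    print(token_status(sample))
```

A `refresh` value of true means the token is inside the safety margin or already expired, so request a new one before opening the connection.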