Salesfactory · ramirezmorac2 · Feb 19, 2026 · Copilot · Feb 19, 2026 · Copilot
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -406,9 +406,27 @@ var dbAccountName = !empty(azureDbAccountName) ? azureDbAccountName : 'dbgpt0-${
 @description('Cosmos DB Database Name. Use your own name convention or leave as it is to generate a random name.')
 param azureDbDatabaseName string = ''
 var dbDatabaseName = !empty(azureDbDatabaseName) ? azureDbDatabaseName : 'db0-${resourceToken}'
+@description('Azure SQL Server Name.')
+param azureSqlServerName string = ''
+var sqlServerName = !empty(azureSqlServerName) ? azureSqlServerName : 'sqlgpt0-${resourceToken}'
+@description('Azure SQL Database Name.')
+param azureSqlDatabaseName string = ''
+var sqlDatabaseName = !empty(azureSqlDatabaseName) ? azureSqlDatabaseName : 'sqldb0-${resourceToken}'
+@description('Azure SQL administrator login name.')
+param azureSqlAdministratorLogin string = 'sqladmin'
+@description('Azure SQL administrator password.')
+@secure()
+param azureSqlAdministratorPassword string
+@description('Key Vault secret name to store the Azure SQL administrator password.')
+param azureSqlAdminSecretName string = 'sqlAdminPassword'
+@description('Public network access setting for Azure SQL Server.')
+@allowed(['Enabled', 'Disabled'])
+param azureSqlPublicNetworkAccess string = 'Enabled'
 @description('Log Analytics Workspace Name. Use your own name convention or leave as it is to generate a random name.')
 param azureLogAnalyticsWorkspaceName string = ''
-var logAnalyticsWorkspaceName = !empty(azureLogAnalyticsWorkspaceName) ? azureLogAnalyticsWorkspaceName : 'law0-${resourceToken}'
+var logAnalyticsWorkspaceName = !empty(azureLogAnalyticsWorkspaceName)
+  ? azureLogAnalyticsWorkspaceName
+  : 'law0-${resourceToken}'
 @description('Enable PartitionKeyRUConsumption logs for multi-tenant billing')
 param enablePartitionKeyRUConsumption bool = true
 @description('Key Vault Name. Use your own name convention or leave as it is to generate a random name.')
@@ -954,6 +972,22 @@ module keyVault './core/security/keyvault.bicep' = {
   }
 }
 
+module sqlServer './core/db/sqlserver.bicep' = {
+  name: 'sqlserver'
+  scope: resourceGroup
+  params: {
+    name: sqlServerName
+    location: location
+    tags: tags
+    administratorLogin: azureSqlAdministratorLogin
+    administratorLoginPassword: azureSqlAdministratorPassword
+    databaseName: sqlDatabaseName
+    keyVaultName: keyVault.outputs.name
+    publicNetworkAccess: azureSqlPublicNetworkAccess
-    publicNetworkAccess: azureSqlPublicNetworkAccess
+    publicNetworkAccess: networkIsolation ? 'Disabled' : azureSqlPublicNetworkAccess
-    publicNetworkAccess: azureSqlPublicNetworkAccess
+    publicNetworkAccess: 'Disabled'
-    publicNetworkAccess: azureSqlPublicNetworkAccess
+    publicNetworkAccess: networkIsolation ? 'Disabled' : azureSqlPublicNetworkAccess
-    publicNetworkAccess: azureSqlPublicNetworkAccess
+    publicNetworkAccess: 'Disabled'
+    secretName: azureSqlAdminSecretName
+  }
+}
+
 module keyvaultpe './core/network/private-endpoint.bicep' = if (networkIsolation) {
   name: 'keyvaultpe'
   scope: resourceGroup
@@ -1523,7 +1557,7 @@ module frontEnd 'core/host/appservice.bicep' = {
       {
         name: 'USER_FEEDBACK_URL'
         value: userFeedbackUrl
-      } 
+      }
       {
         name: 'ANTHROPIC_API_KEY'
         value: orchestratorAnthropicApiKeyVar
@@ -1649,7 +1683,7 @@ module dataIngestion './core/host/functions.bicep' = {
         value: 'text-embedding-3-small'
       }
       {
-        name:'FORM_REC_API_VERSION'
+        name: 'FORM_REC_API_VERSION'
         value: '2024-11-30'
       }
       {
@@ -1685,7 +1719,7 @@ module dataIngestion './core/host/functions.bicep' = {
         value: 'INFO'
       }
       {
-        name:'COGNITIVE_SERVICES_KEY'
+        name: 'COGNITIVE_SERVICES_KEY'
         value: cognitiveServices.outputs.key
       }
       {
@@ -2118,6 +2152,8 @@ output AZURE_RESOURCE_GROUP_NAME string = azureResourceGroupName
 output AZURE_NETWORK_ISOLATION bool = networkIsolation
 output AZURE_DB_ACCOUNT_NAME string = azureDbAccountName
 output AZURE_DB_DATABASE_NAME string = azureDbDatabaseName
+output AZURE_SQL_SERVER_NAME string = sqlServerName
+output AZURE_SQL_DATABASE_NAME string = sqlDatabaseName
 output AZURE_STORAGE_ACCOUNT_NAME string = storageAccountName
 output AZURE_COGNITIVE_SERVICE_NAME string = azureCognitiveServiceName
 output AZURE_APP_SERVICE_PLAN_NAME string = azureAppServicePlanName

diff --git a/infra/main.parameters.json b/infra/main.parameters.json
@@ -50,6 +50,24 @@
     "azureDbDatabaseName": {
       "value": "${AZURE_DB_DATABASE_NAME}"
     },
+    "azureSqlServerName": {
+      "value": ""
-      "value": ""
+      "value": "${AZURE_SQL_SERVER_NAME}"
-      "value": ""
+      "value": "${AZURE_SQL_SERVER_NAME}"
+    },
+    "azureSqlDatabaseName": {
+      "value": ""
-      "value": ""
-    },
-    "azureSqlDatabaseName": {
-      "value": ""
+      "value": "${AZURE_SQL_SERVER_NAME}"
+    },
+    "azureSqlDatabaseName": {
+      "value": "${AZURE_SQL_DATABASE_NAME}"
-      "value": ""
-    },
-    "azureSqlDatabaseName": {
-      "value": ""
+      "value": "${AZURE_SQL_SERVER_NAME}"
+    },
+    "azureSqlDatabaseName": {
+      "value": "${AZURE_SQL_DATABASE_NAME}"
+    },
+    "azureSqlAdministratorLogin": {
+      "value": "${AZURE_SQL_ADMIN_LOGIN=sqladmin}"
+    },
+    "azureSqlAdministratorPassword": {
+      "value": "$(secretOrRandomPassword ${AZURE_KEY_VAULT_NAME} ${AZURE_SQL_ADMIN_SECRET_NAME=sqlAdminPassword})"
+    },
+    "azureSqlAdminSecretName": {
+      "value": "${AZURE_SQL_ADMIN_SECRET_NAME=sqlAdminPassword}"
+    },
+    "azureSqlPublicNetworkAccess": {
+      "value": "${AZURE_SQL_PUBLIC_NETWORK_ACCESS=Enabled}"
+    },
     "azureLogAnalyticsWorkspaceName": {
       "value": "${AZURE_LOG_ANALYTICS_WORKSPACE_NAME}"
     },