A minimal CLI proxy and Python library for Microsoft SQL Server queries. Its only job is to inject credentials so they never appear in command history or scripts.
pip install git+https://github.com/NuoBiT/mssql-auth.gitUpdate:
pip install --upgrade git+https://github.com/NuoBiT/mssql-auth.gitUninstall:
pip uninstall mssql-authmssql-auth --profile <name> '<SQL query>'
│ │ │
│ │ └─ SQL query string
│ └─ profile name → reads ~/.config/mssql-auth/<name>.conf
└─ connects, executes, returns JSON
# Simple query
mssql-auth --profile myserver 'SELECT TOP 10 * FROM Customers'
# Filtered query
mssql-auth --profile myserver "SELECT Name, Code FROM Items WHERE Active = 1"Output is a JSON array of objects (one per row), printed to stdout. Errors go to stderr.
from mssql_auth.client import connect
with connect(profile="myserver") as conn:
cursor = conn.cursor(as_dict=True)
cursor.execute("SELECT TOP 10 * FROM Customers")
rows = cursor.fetchall()The connect context manager returns a standard pymssql connection with
credentials injected from the profile. Use it exactly like any pymssql
connection.
One file per server, chmod 600:
mkdir -p ~/.config/mssql-auth
chmod 700 ~/.config/mssql-auth
cat > ~/.config/mssql-auth/myserver.conf << 'CONF'
[mssql]
server=192.168.1.100
port=1433
database=my_database
user=sa
password=your-password
CONF
chmod 600 ~/.config/mssql-auth/myserver.confThe port key is optional and defaults to 1433.
The tool refuses to run if the config directory or files are accessible by
group or others (like ssh does with ~/.ssh/).
| Data | Leaves your machine? |
|---|---|
| MSSQL credentials | No — read locally from ~/.config/ |
| SQL queries | Yes — sent to MSSQL server |
| Query results | Yes — returned from MSSQL server |
The wrapper is like psql reading ~/.pgpass — credentials stay local,
only the queries go over the wire.
- python3 >= 3.8
- pymssql (installed automatically as a dependency)