AzureAD/EntraID Authentication for database backend
Is your feature request related to a problem? Please describe
As a DevSecOps engineer, I am required by security policy to authenticate database connections using Active Directory / EntraID instead of native PostgreSQL user and password.
Describe the solution you'd like
The possibility to use Azure AD token-based authentication for database connectivity.
Describe alternatives you've considered
None. This is a new company policy.
Additional context
https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-azure-ad-authentication
https://stackoverflow.com/questions/77135512/sqlalchemy-connect-to-azure-postgresql-flexible-database-with-token-authenticati
@vosdev Your best option, short of maintaining a fork of DefectDojo with Azure-specific changes, is to use something like PgBouncer and have DefectDojo connect to that (locally if you're doing a compose install). Then have PgBouncer connect to the "real" DB.
PgBouncer apparently supports Azure / AD auth - though I have zero experience doing that.
https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-pgbouncer
Given that this auth is vendor-specific and would be problematic to test and maintain, I don't see DefectDojo doing that auth until the Django framework supports it.
HTH
Thank you Matt :)
We will look at alternative options to keep using DefectDojo.