Skip to main content
First, ensure Phoenix runs in an environment where a managed identity is available (for example AKS, App Service, or an Azure VM). Azure PostgreSQL must have Microsoft Entra authentication enabled, and the managed identity must be created as a PostgreSQL principal. Azure managed-identity auth in Phoenix requires azure-identity (for custom Python installs, install with pip install 'arize-phoenix[azure]'). Then, configure Phoenix to use Azure managed identity for PostgreSQL: 
# Enable Azure managed-identity auth
export PHOENIX_POSTGRES_USE_AZURE_MANAGED_IDENTITY=true

# Database connection
export PHOENIX_POSTGRES_HOST=mydb.postgres.database.azure.com
export PHOENIX_POSTGRES_USER=my-managed-identity-name
export PHOENIX_POSTGRES_DB=phoenix

# Optional: set this only for non-public Azure clouds.
# Public Azure default (used when unset):
#   https://ossrdbms-aad.database.windows.net/.default
# Example for Azure US Government:
# export PHOENIX_POSTGRES_AZURE_SCOPE=https://ossrdbms-aad.database.usgovcloudapi.net/.default
Notes:
  • Do not set PHOENIX_POSTGRES_PASSWORD when PHOENIX_POSTGRES_USE_AZURE_MANAGED_IDENTITY=true.
  • You do not need a token-lifetime tuning variable. Phoenix reuses DefaultAzureCredential, and azure-identity handles token cache and refresh behavior.