feat(sources/mssql): add support for encrypt connection parameter (#874)

## 1. Why do we need to support the `encrypt` parameter? MSSQL databases that `genai-toolbox` attempts to connect to may have their encryption levels set differently. For example, a testing/demo purpose MSSQL database may not require encryption at all. However, `genai-toolbox` currently uses the default encryption parameter (`encrypt=false`) to connect to this type of database and will throw an error: ``` ERROR "toolbox failed to initialize: unable to initialize configs: unable to initialize source "my-mssql-source": unable to connect successfully: TLS Handshake failed: cannot read handshake packet: EOF" ``` > In this case, the encryption parameter should be set to `encrypt=disable`. ## 2. Is this a necessary feature? `genai-toolbox` uses the `github.com/microsoft/go-mssqldb` package as a dependency to connect to MSSQL databases. According to the [README](https://github.com/microsoft/go-mssqldb?tab=readme-ov-file#common-parameters) of the `github.com/microsoft/go-mssqldb` package, `encrypt` is one of the common parameters. Therefore, I believe supporting the `encrypt` parameter in `genai-toolbox` is necessary. ## 3. How to replicate the error mentioned above? ### 3.1 Use this `docker-compose.yaml` file to start a demo MSSQL instance ``` services: demo-mssql-database: image: mcr.microsoft.com/mssql/server:2017-CU1-ubuntu ports: - "20256:1433" environment: ACCEPT_EULA: "Y" MSSQL_SA_PASSWORD: "hellopassword!" restart: unless-stopped healthcheck: test: ["CMD", "/opt/mssql-tools/bin/sqlcmd", "-S", "localhost", "-U", "sa", "-P", "hellopassword!", "-Q", "SELECT 1"] interval: 5s retries: 10 demo-mssql-database-init: image: mcr.microsoft.com/mssql/server:2017-CU1-ubuntu network_mode: service:demo-mssql-database command: > /bin/bash -c "/opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P hellopassword! -d master -Q 'CREATE DATABASE DemoDatabase;'" depends_on: demo-mssql-database: condition: service_healthy ``` ### 3.2 Use `genai-toolbox` to connect to the above demo MSSQL database with this `tools.yaml` configuration file: ``` sources: my-mssql-source: kind: mssql host: localhost port: 20256 database: master user: sa password: 'hellopassword!' ``` ### 3.3 We shall see the error: ``` ERROR "toolbox failed to initialize: unable to initialize configs: unable to initialize source "my-mssql-source": unable to connect successfully: TLS Handshake failed: cannot read handshake packet: EOF" ``` --------- Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
2026-01-09 23:48:04 -05:00 · 2025-07-25 07:51:25 +10:00
parent 3746dbae65
commit 14a868f2a0
3 changed files with 50 additions and 10 deletions
--- a/docs/en/resources/sources/mssql.md
+++ b/docs/en/resources/sources/mssql.md
@@ -43,6 +43,7 @@ sources:
        database: my_db
        user: ${USER_NAME}
        password: ${PASSWORD}
+        # encrypt: strict
 ```

 {{< notice tip >}}
@@ -52,11 +53,12 @@ instead of hardcoding your secrets into the configuration file.

 ## Reference

-| **field** | **type** | **required** | **description**                                                        |
-|-----------|:--------:|:------------:|------------------------------------------------------------------------|
-| kind      |  string  |     true     | Must be "mssql".                                                       |
-| host      |  string  |     true     | IP address to connect to (e.g. "127.0.0.1").                           |
-| port      |  string  |     true     | Port to connect to (e.g. "1433").                                      |
-| database  |  string  |     true     | Name of the SQL Server database to connect to (e.g. "my_db").          |
-| user      |  string  |     true     | Name of the SQL Server user to connect as (e.g. "my-user").            |
-| password  |  string  |     true     | Password of the SQL Server user (e.g. "my-password").                  |
+| **field** | **type** | **required** | **description**                                                                                                                                                                            |
+|-----------|:--------:|:------------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| kind      |  string  |     true     | Must be "mssql".                                                                                                                                                                           |
+| host      |  string  |     true     | IP address to connect to (e.g. "127.0.0.1").                                                                                                                                               |
+| port      |  string  |     true     | Port to connect to (e.g. "1433").                                                                                                                                                          |
+| database  |  string  |     true     | Name of the SQL Server database to connect to (e.g. "my_db").                                                                                                                              |
+| user      |  string  |     true     | Name of the SQL Server user to connect as (e.g. "my-user").                                                                                                                                |
+| password  |  string  |     true     | Password of the SQL Server user (e.g. "my-password").                                                                                                                                      |
+| encrypt   |  string  |    false     | Encryption level for data transmitted between the client and server (e.g., "strict"). If not specified, defaults to the [github.com/microsoft/go-mssqldb](https://github.com/microsoft/go-mssqldb?tab=readme-ov-file#common-parameters) package's default encrypt value. |