Hey guys! How are you?

Recently, I had the pleasure of taking part in a sensational live broadcast on the .NET channel with the master Renato Groff, where we dove head first into the latest in Artificial Intelligence applied to databases.

If you thought AI was just for front-end developers or data scientists, get ready: the game has changed and SQL Server 2025 is here to prove it.

In this post, I will summarize the main points we built live, focusing on SQL Server's native integration with Azure OpenAI and how to monitor all of this with OpenTelemetry and Grafana.

 

The Leap to SQL Server 2025

The big star of the night was the announcement of the capabilities of SQL Server 2025 (Public Preview). Microsoft finally brought to “on-premises” (and to Azure SQL Database) a feature that previously depended on complex workarounds or CLR: the native execution of REST calls.

Through the system procedure sp_invoke_external_rest_endpoint, we can now communicate with any REST API, including Azure OpenAI, without leaving our query.
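Before the first call works, the feature usually has to be turned on at the instance level (it ships disabled, as in Azure SQL Managed Instance). A minimal sketch, assuming the `external rest endpoint enabled` configuration option and using a placeholder public URL just for illustration:

```sql
-- Hedged sketch: enable outbound REST calls where they are off by default
EXEC sp_configure 'external rest endpoint enabled', 1;
RECONFIGURE WITH OVERRIDE;
GO

-- Minimal call: a simple GET, no credential needed
-- (httpbin.org is a placeholder endpoint for illustration)
DECLARE @response NVARCHAR(MAX);
EXEC sys.sp_invoke_external_rest_endpoint
    @method   = 'GET',
    @url      = N'https://httpbin.org/get',
    @response = @response OUTPUT;

-- The procedure wraps the HTTP result in a JSON envelope;
-- the exact paths may vary by version
SELECT JSON_VALUE(@response, '$.response.status.http.code') AS http_status;
```

If the option is not enabled, the call fails immediately, which is an easy first thing to check when the integration “does nothing”.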

The use of CLR (Common Language Runtime) is still an alternative for earlier versions (such as 2017 or 2019), but the performance and security of the native support in SQL Server 2025 are unmatched.

Integration Architecture: Azure OpenAI

To make this magic happen, we used the GPT-4o mini model. Why the “mini”? Simple: cost-benefit. It is absurdly cheaper than the full GPT-4o (about 20 to 30 times less) and delivers excellent accuracy for database tasks, such as generating T-SQL commands or summarizing logs.

Security: Using Database Scoped Credentials to prevent credential leaks

As a senior professional, the first thing I ask is: “Am I going to expose my API key in clear text?”. Never.

The good practice here is to use Database Scoped Credentials: we create a credential that stores the authorization header, so the developer calling the procedure never has access to the API key, only to the name of the credential.

Important: before creating the credential, you need to create a Database Master Key in the database to ensure the secrets are encrypted.

The Script: Turning SQL Server into a Virtual DBA

Below, I present the complete script to configure this integration and create a procedure that interprets natural language and executes commands in your database.

-- Create the database master key
IF NOT EXISTS(SELECT * FROM sys.symmetric_keys WHERE [name] = '##MS_DatabaseMasterKey##') 
BEGIN
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'LONg_Pa$$_w0rd!'
END
GO


-- Create the database scoped credential
IF EXISTS(SELECT * FROM sys.database_scoped_credentials WHERE [name] = 'https://dirceu-openai.openai.azure.com')
BEGIN
    DROP DATABASE SCOPED CREDENTIAL [https://dirceu-openai.openai.azure.com]
END;


DECLARE 
    @Query VARCHAR(MAX)


-- The secret stores the full Authorization header, so callers never see the API key
SET @Query = 'CREATE DATABASE SCOPED CREDENTIAL [https://dirceu-openai.openai.azure.com] WITH IDENTITY = ''HTTPEndpointHeaders'', SECRET = ''{"Authorization": "Bearer ' + CONVERT(VARCHAR(MAX), 'YOUR_API_KEY_HERE')  + '"}'''
EXEC(@Query)
GO


CREATE OR ALTER PROCEDURE dbo.stpExecuta_SQL_IA (
    @Prompt VARCHAR(MAX),
    @Fl_Debug BIT = 0
)
AS 
BEGIN

    -- Build the payload and call the API
    DECLARE
        @ret INT,
        @response NVARCHAR(MAX),
        @payload VARCHAR(MAX) = '{
      "messages": [
        {
          "role": "system",
          "content": [
            {
              "type": "text",
              "text": "These are your base instructions: You are a SQL Server DBA. Everything I ask, you must answer only with T-SQL commands. NEVER, EVER, UNDER ANY CIRCUMSTANCES, SHOULD YOU REPLY WITH ANY MESSAGE OR ANY CHARACTER THAT IS NOT PART OF T-SQL CODE. Limit yourself to answering only what I ask, with T-SQL commands. If it is not possible to answer, or the question makes no sense from the point of view of a SQL Server database, do not answer anything, return empty. What I want to know is: ' + @Prompt + '"
            }
          ]
        }
      ],
      "temperature": 0.7,
      "top_p": 0.95,
      "max_tokens": 8000
    }'

    EXEC @ret = sys.sp_invoke_external_rest_endpoint 
        @method = 'POST',
        @url = N'https://dirceu-openai.openai.azure.com/openai/deployments/gpt-4o-mini/chat/completions?api-version=2025-01-01-preview',
        @payload = @payload,
        @credential = [https://dirceu-openai.openai.azure.com],
        @response = @response OUTPUT

    -- PRINT @response


    -- Extract the generated T-SQL from the JSON response
    DECLARE @retorno VARCHAR(MAX)
    
    SET @retorno = JSON_VALUE(@response, '$.result.choices[0].message.content')


    -- Strip the markdown code fences the model may wrap around the code
    SET @retorno = REPLACE(REPLACE(@retorno, '```sql', ''), '```', '')

    PRINT @retorno

    -- Execute the generated command (skipped in debug mode)
    IF (LEN(TRIM(@retorno)) > 0 AND @Fl_Debug = 0)
        EXEC(@retorno)

END
GO


-- EXEC dbo.stpExecuta_SQL_IA 'I want to create a table called Clientes with the columns nome, cpf and idade. If the table already exists, you can drop it.'
-- EXEC dbo.stpExecuta_SQL_IA 'In my Clientes table, which has the columns nome, cpf (char(11)) and idade, insert 50 records.'
-- EXEC dbo.stpExecuta_SQL_IA 'Return the nome and idade columns from my Clientes table'
-- EXEC dbo.stpExecuta_SQL_IA 'Return the rows from my Clientes table where idade equals 36'
-- EXEC dbo.stpExecuta_SQL_IA 'Return the rows from my Clientes table where idade equals 36, 38 or 40'
-- EXEC dbo.stpExecuta_SQL_IA 'Return the rows from my Clientes table where idade equals 36, 38 or 40 and the last digit of the cpf is even'

-- EXEC dbo.stpExecuta_SQL_IA 'I want to create a Clientes table with the columns nome, cpf and idade. If the table already exists, you can drop it. Insert 50 records into this table and return the data', @Fl_Debug = 0

Observability and Monitoring

It’s not enough to integrate; you also have to monitor. During the demo, Renato Groff showed how Semantic Kernel and OpenTelemetry are vital here.

When SQL Server makes a call to the AI, we consume tokens, and tokens cost money. By instrumenting the application with Grafana and Grafana Alloy, we were able to capture:

  • Input Tokens vs. Output Tokens: how much are we spending per question?
  • Wait Types: monitoring network latency in the API call (watch out for network waits that can tie up SQL worker threads).
  • Trace ID: tying the user's question on the front-end to the AI-generated query in the database.

CRITICAL ALERT: Giving an AI permission to execute dynamic SQL commands (EXEC sp_executesql) opens the door to Prompt Injection. Always use accounts with the principle of least privilege (SELECT only, on specific tables) and never run this in production without Resource Governor configured to limit CPU/memory for these queries.
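One way to put that least-privilege advice into practice is to run the generated commands under a restricted principal. A sketch with hypothetical names (ia_executor, dbo.Clientes):

```sql
-- Hypothetical low-privilege principal for AI-generated commands
CREATE USER ia_executor WITHOUT LOGIN;
GRANT SELECT ON dbo.Clientes TO ia_executor;

-- Switch to the restricted context before executing the generated T-SQL
EXECUTE AS USER = 'ia_executor';
EXEC('SELECT nome, idade FROM dbo.Clientes');  -- allowed: SELECT on this table
-- A generated DROP TABLE or INSERT would fail here with a permission error
REVERT;
```

Even if a prompt injection slips a destructive command past the system prompt, the database itself refuses to execute it.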

Reference Table: Limits and Tokens

To help with cost planning, here is a simplified estimate for the GPT-4o mini model:

Model        | Input Cost (1M tokens) | Output Cost (1M tokens) | Recommended Use
GPT-4o       | $5.00                  | $15.00                  | Complex logic and error analysis.
GPT-4o mini  | $0.15                  | $0.60                   | Simple SQL queries and summaries.
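To feed that estimate with real numbers, the API response itself reports token usage. A sketch, assuming the wrapper format returned by sp_invoke_external_rest_endpoint and the usual chat-completions usage fields (the exact JSON paths may differ in your api-version; the sample values below are made up for illustration):

```sql
-- Abridged sample of the wrapper normally filled by the @response OUTPUT parameter
DECLARE @response NVARCHAR(MAX) =
    N'{"result": {"usage": {"prompt_tokens": 120, "completion_tokens": 45}}}';

DECLARE @prompt_tokens     INT = JSON_VALUE(@response, '$.result.usage.prompt_tokens'),
        @completion_tokens INT = JSON_VALUE(@response, '$.result.usage.completion_tokens');

-- GPT-4o mini pricing from the table above: $0.15 / $0.60 per 1M tokens
SELECT @prompt_tokens     AS input_tokens,
       @completion_tokens AS output_tokens,
       (@prompt_tokens * 0.15 + @completion_tokens * 0.60) / 1000000.0 AS estimated_cost_usd;
```

Logging these two counters per call (for example, into a small audit table) is what makes the Grafana dashboards above meaningful.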

Performance and Impact

When using sp_invoke_external_rest_endpoint, SQL Server manages the HTTP connection internally, but the user session is on hold until the API returns. In highly concurrent environments, this can drive up external wait counters.

The tip is to use this functionality for background tasks, BI, or administrative tools, keeping it away from the main transactional write path (OLTP).
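To see whether those external waits are piling up, the standard wait DMVs are enough. A sketch, assuming the REST call surfaces as a preemptive wait (the exact wait-type name is version-dependent, so the filter below is deliberately broad):

```sql
-- Sessions currently stuck in external/preemptive waits (e.g., waiting on the API)
SELECT r.session_id, r.wait_type, r.wait_time, r.command
FROM sys.dm_exec_requests AS r
WHERE r.wait_type LIKE 'PREEMPTIVE%';

-- Cumulative picture since the last restart: which external waits dominate
SELECT wait_type, waiting_tasks_count, wait_time_ms
FROM sys.dm_os_wait_stats
WHERE wait_type LIKE 'PREEMPTIVE%'
ORDER BY wait_time_ms DESC;
```

If these counters climb together with the number of AI calls, that is a strong hint the integration is starting to compete with your OLTP workload.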

 

I hope you liked this tip, a big hug and see you next time!