Your database schema and data-masking rules live alongside application code in Azure Repos as DACPACs or
migration scripts.
Azure Pipelines build and run unit tests against a disposable Azure SQL instance, then use the
SqlAzureDacpacDeployment task to deploy changes to dev, staging and production
Connection strings and admin credentials are pulled at runtime from Azure Key Vault via a
service connection
We incorporate vulnerability assessments and performance tuning in the pipeline, then monitor
throughput and DTU/vCore consumption—automating scale-up/down actions via additional pipeline steps to
keep costs optimized.