To access a Cosmos DB instance, you should obtain the proper credentials from your administrator.  At a minimum, you'll need to know the URI and Access Key.  


When performing reverse-engineering of Cosmos DB, most of the information can be retrieved through the Data Plane account key.  If provided additional Control Plane parameters, Hackolade is able to also retrieve additional metadata, such as: tags, location and region replication, automatic failover, virtual network filter and rules, and IP-range filter.


1) Data plane

Give a meaningful name to the connection to identify it for later, and provide proper connection string parameters:



Go to the Azure portal to retrieve your URL, port number, and Primary Key.  In the Azure portal, navigate to your Azure Cosmos DB account, and click on Keys.   Copy the URI from the portal and paste it into <Address> (without the port number), then enter the port number into <Port>, and finally copy the PRIMARY or SECONDARY key, either Read-Write or Read-Only, and paste it into <Account Key>.




2) Control Plane

The REST API connection should be enabled and all the proper parameters provided if you wish for Hackolade to retrieve additional metadata such as: tags, location and region replication, automatic failover, virtual network filter and rules, and IP-range filter.




First, you must provide the Resource Group Name and Subscription ID of Cosmos DB instance, as found in the Overview screen of the Comos DB instance. More information here.


Next, the Hackolade application must be registered so Azure accepts the REST API calls, as per these instructions.  The Applilcation (client) ID and the Directory (tenant) ID are retrieved are retrieved from the App registration Overview screen:


Note: it is critical to assign the proper role to the application just registered.  This is done following the steps outlined here.


Finally, the Application secret is obtained from the Cerificates & secrets screen of the App registration: