diff --git a/README.md b/README.md
index 1b9f49f..6c52667 100644
--- a/README.md
+++ b/README.md
@@ -44,7 +44,8 @@ For details of how the standard "template" provisioner works, see the `template:
 | dns           | default | (none)                 | `host`                                                          |
 | route         | default | `host`, `path`, `port` |                                                                 |
 | mongodb       | default | (none)                 | `host`, `port`, `username`, `password`, `name`, `connection`    |
-| ampq          | default | (nont)                 | `host`, `port`, `username`, `password`, `vhost`                 |
+| ampq          | default | (none)                 | `host`, `port`, `username`, `password`, `vhost`                 |
+| mssql         | default | (none)                 | `server`, `port`, `database`, `password`                        |
 
 Users are encouraged to write their own custom provisioners to support new resource types or to modify the implementations above.
 
diff --git a/internal/provisioners/default/zz-default.provisioners.yaml b/internal/provisioners/default/zz-default.provisioners.yaml
index e0dd48b..9885127 100644
--- a/internal/provisioners/default/zz-default.provisioners.yaml
+++ b/internal/provisioners/default/zz-default.provisioners.yaml
@@ -798,3 +798,120 @@
         selector:
           app.kubernetes.io/instance: {{ .State.service }}
         type: ClusterIP
+
+- uri: template://default-provisioners/mssql
+  type: mssql
+  init: |
+    randomPassword: {{ randAlphaNum 16 | quote }}
+  state: |
+    service: mssql-{{ .SourceWorkload }}-{{ substr 0 8 .Guid | lower }}
+    database: master
+    username: sa
+    password: {{ dig "password" .Init.randomPassword .State | quote }}
+  outputs: |
+    server: {{ .State.service }}
+    port: 1433
+    connection: "Server=tcp:{{ .State.service }},1433;Initial Catalog={{ .State.database }};User ID={{ .State.username }};Password={{ encodeSecretRef .State.service "MSSQL_SA_PASSWORD" }}"
+    database: {{ .State.database }}
+    username: {{ .State.username }}
+    password: {{ encodeSecretRef .State.service "MSSQL_SA_PASSWORD" }}
+  manifests: |
+    - apiVersion: v1
+      kind: Secret
+      metadata:
+        name: {{ .State.service }}
+        annotations:
+          k8s.score.dev/source-workload: {{ .SourceWorkload }}
+          k8s.score.dev/resource-uid: {{ .Uid }}
+          k8s.score.dev/resource-guid: {{ .Guid }}
+        labels:
+          app.kubernetes.io/managed-by: score-k8s
+          app.kubernetes.io/name: {{ .State.service }}
+          app.kubernetes.io/instance: {{ .State.service }}
+      data:
+        MSSQL_SA_PASSWORD: {{ .State.password | b64enc }}
+    - apiVersion: apps/v1
+      kind: StatefulSet
+      metadata:
+        name: {{ .State.service }}
+        annotations:
+          k8s.score.dev/source-workload: {{ .SourceWorkload }}
+          k8s.score.dev/resource-uid: {{ .Uid }}
+          k8s.score.dev/resource-guid: {{ .Guid }}
+        labels:
+          app.kubernetes.io/managed-by: score-k8s
+          app.kubernetes.io/name: {{ .State.service }}
+          app.kubernetes.io/instance: {{ .State.service }}
+      spec:
+        replicas: 1
+        serviceName: {{ .State.service }}
+        selector:
+          matchLabels:
+            app.kubernetes.io/instance: {{ .State.service }}
+        template:
+          metadata:
+            labels:
+              app.kubernetes.io/managed-by: score-k8s
+              app.kubernetes.io/name: {{ .State.service }}
+              app.kubernetes.io/instance: {{ .State.service }}
+            annotations:
+              k8s.score.dev/source-workload: {{ .SourceWorkload }}
+              k8s.score.dev/resource-uid: {{ .Uid }}
+              k8s.score.dev/resource-guid: {{ .Guid }}
+          spec:
+            containers:
+            - name: mssql-db
+              image: mcr.microsoft.com/mssql/server:latest
+              ports:
+              - name: mssql
+                containerPort: 1433
+              env:
+              - name: ACCEPT_EULA
+                value: "Y"
+              - name: MSSQL_ENABLE_HADR
+                value: "1"
+              - name: MSSQL_AGENT_ENABLED
+                value: "1"
+              - name: MSSQL_SA_PASSWORD
+                valueFrom:
+                  secretKeyRef:
+                    name: {{ .State.service }}
+                    key: MSSQL_SA_PASSWORD
+              volumeMounts:
+              - name: mssql
+                mountPath: "/var/opt/mssql"
+        volumeClaimTemplates:
+        - metadata:
+            name: mssql
+            annotations:
+              k8s.score.dev/source-workload: {{ .SourceWorkload }}
+              k8s.score.dev/resource-uid: {{ .Uid }}
+              k8s.score.dev/resource-guid: {{ .Guid }}
+            labels:
+              app.kubernetes.io/managed-by: score-k8s
+              app.kubernetes.io/name: {{ .State.service }}
+              app.kubernetes.io/instance: {{ .State.service }}
+          spec:
+            accessModes: ["ReadWriteOnce"]
+            resources:
+              requests:
+                storage: 1Gi
+    - apiVersion: v1
+      kind: Service
+      metadata:
+        name: {{ .State.service }}
+        annotations:
+          k8s.score.dev/source-workload: {{ .SourceWorkload }}
+          k8s.score.dev/resource-uid: {{ .Uid }}
+          k8s.score.dev/resource-guid: {{ .Guid }}
+        labels:
+          app.kubernetes.io/managed-by: score-k8s
+          app.kubernetes.io/name: {{ .State.service }}
+          app.kubernetes.io/instance: {{ .State.service }}
+      spec:
+        selector:
+          app.kubernetes.io/instance: {{ .State.service }}
+        type: ClusterIP
+        ports:
+        - port: 1433
+          targetPort: 1433
\ No newline at end of file