Database Administrators Stack Exchange
Database Administrators Stack Exchange

Questions tagged [always-encrypted]

Always Encrypted is a feature of Microsoft SQL Server 2016 and Azure SQL Database, designed to protect sensitive data. It allows client applications to encrypt sensitive data without revealing the encryption keys to the database engine, so the data cannot be accessed either in flight, in server memory, or at rest.

Always Encrypted is a feature of Microsoft SQL Server 2016 and Azure SQL Database, designed to protect sensitive data. It allows client applications to encrypt sensitive data without revealing the encryption keys to the database engine, so the data cannot be accessed either in flight or at rest.

See MSDN for more details.

70 questions
41
votes
2 answers

In SQL Server 2016, what is the difference between Always Encrypted and Transparent Data Encryption?

As I write this I am still awaiting the official release of SQL Server 2016 so that we can explore the usefulness of its "Always Encrypted" feature. I would just like to know what the specific differences will be between Always Encrypted & the…
RoastBeast
  • 679
  • 2
  • 7
  • 13
8
votes
1 answer

Combining Always Encrypted AND Column level encryption in SQL Server 2016

We have requirements to encrypt sensitive column data using SQL Server 2016 and selected the Always Encrypted(AE) feature to encrypt those columns using deterministic approach.. Since, the AE deterministic encryption doesn't allow inequality, range,…
Sri
  • 403
  • 6
  • 16
7
votes
1 answer

Always Encrypt and SSIS - Security Risk

We have a database using the AlwaysEncrypted feature of SQL Server 2016. We need to create SSIS packages (deployed on SSISDB) for certain application tasks. What options we have to store the key securely so those SSIS packages can use that key to…
user119798
  • 71
  • 2
6
votes
1 answer

Always Encrypted: How to insert or update encrypted columns?

I have configured 'Always Encrypted' on one of the columns of a table of my SQL Server database. I am able to select and view data from client SSMS after passing the 'Column Encryption Setting = Enabled' option. But when I am trying to insert data…
SSS
  • 397
  • 1
  • 9
  • 16
6
votes
2 answers

Can SQL Server Always Encrypted be used for temporary tables?

I'm trying to determine if I can use Always Encrypted on a column in a temporary table (SQL Server 2016 SP1 Enterprise on Windows 2016). I've tried as follows: CREATE TABLE #listofdates (compare_dt datetime2(7) encrypted with ( …
M Herbener
  • 213
  • 1
  • 8
5
votes
1 answer

How to renew or extend the CMK Certificate in Always Encrypted feature?

I have implemented Always Encrypted feature in SQL Server 2016. The CMK is valid for one year. How do I renew it, or extend the validity?
Sri
  • 403
  • 6
  • 16
5
votes
2 answers

Is it possible to bulk insert data into a table that has columns encrypted with Always Encrypted?

In SSMS we are attempting to bulk insert from a csv file into a table that has a column encrypted using SQL Server 2016's Always Encrypted feature. This is the command we're using: INSERT INTO membersE SELECT * FROM OPENROWSET( BULK…
RoastBeast
  • 679
  • 2
  • 7
  • 13
4
votes
1 answer

Do signed certificates from public certificate authorities add any value for always encrypted?

If I create Always Encrypted columns in Microsoft SQL Server from the SSMS gui, it makes a self signed certificate. Is there any value in making a CSR and paying a certificate authority (or using letsencrypt.org) to make a certificate? Does that…
Justin Dearing
  • 2,717
  • 6
  • 36
  • 52
3
votes
2 answers

Is self signed cert the standard practice for SQL Server Always Encrypted?

We're implementing SQL Server Always Encrypted in our 2019 environment. We've done several successful POC's over the last few months, but in moving the solution to Prod, I was expecting to use a Public Trusted CA for the certificates. But now,…
Emo
  • 143
  • 1
  • 7
3
votes
1 answer

Always Encrypted: How do I do an equality join with a non-encrypted column to a deterministic encrypted column?

The official Microsoft documentation for Always Encrypted on SQL Server 2017 states: Deterministic encryption always generates the same encrypted value for any given plain text value. Using deterministic encryption allows point lookups, equality…
John G Hohengarten
  • 674
  • 1
  • 7
  • 18
3
votes
2 answers

Encryption of Data, Log and Backup files using Always Encrypted in SQL Server 2016

When we implement the Always Encrypted feature in SQL Server 2016, do the .mdf files, .ldf files and .bak files get encrypted as well? I would like to know if the data/log/backup files gets encrypted or not.
Sri
  • 403
  • 6
  • 16
3
votes
1 answer

What are the advantages of Always Encrypted 2016 vs Encrypted Columns?

I was reading about SQL Encryption methods, I have a good understanding of TDE, then I read about Encrypted Columns and then I read about Always Encrypted. The description of Always Encrypted is very lengthy and detailed, but the text with Encrypted…
gareth
  • 369
  • 3
  • 8
3
votes
2 answers

Always Encrypted - Out of Memory Exception when attempting to encrypt a column in a table

Using Always Encrypted we are attempting to encrypt one column of type varchar(50) in a table that contains 5.5 million rows with the deterministic encryption. After a while the wizard returns failure due to the following error: Exception of type…
RoastBeast
  • 679
  • 2
  • 7
  • 13
3
votes
2 answers

What is the MySQL equivalent of SQL Server 2016 Always Encrypted technology?

What is the MySQL equivalent of SQL Server 2016 Always Encrypted technology or is there anything similar in MySQL that can act as AE?
dwkd
  • 131
  • 3
3
votes
1 answer

Clarification on SQL Server 2016 Always Encrypted

We are planning out a move from SQL Server 2008 to SQL Server 2016. One of the key requirements for us is to have encryption at rest at a minimum. We have been considering SQL Server Enterprise as it includes TDE though now with SQL Server 2016…
PartnersMan
  • 33
  • 2
1
2 3 4 5