Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider Namespace

Classes

SqlColumnEncryptionAzureKeyVaultProvider

Implementation of the column master key store provider that allows client applications to access data when a column master key is stored in Microsoft Azure Key Vault.

For more information on Always Encrypted, please refer to: https://aka.ms/AlwaysEncrypted.

A column encryption key encrypted with the certificate store provider should be decryptable by this provider, and vice versa.

Envelope format for the encrypted column encryption key: version + keyPathLength + ciphertextLength + keyPath + ciphertext + signature

  • version: A single byte indicating the format version.
  • keyPathLength: Length of the keyPath.
  • ciphertextLength: Length of the ciphertext.
  • keyPath: keyPath used to encrypt the column encryption key. This is only used for troubleshooting purposes and is not verified during decryption.
  • ciphertext: Encrypted column encryption key.
  • signature: Signature of the entire byte array. Signature is validated before decrypting the column encryption key.
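
The following Python sketch splits an envelope into the fields listed above, for troubleshooting. It is an added example and not code from the provider. This page does not state the field encodings, so the 2-byte little-endian length fields and the UTF-16LE keyPath are assumptions, and the sample envelope, vault URL and helper names are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Assumed header layout: version (1 byte) + keyPathLength + ciphertextLength,
# both lengths as little-endian uint16. The page only states the version width.
HEADER = struct.Struct("<BHH")

@dataclass
class CekEnvelope:
    version: int
    key_path: str          # diagnostic only: not verified during decryption
    ciphertext: bytes
    signature: bytes
    signed_region: bytes   # bytes preceding the signature (assumed signed span)

def parse_cek_envelope(blob: bytes) -> CekEnvelope:
    """Split an encrypted column encryption key into its envelope fields."""
    if len(blob) < HEADER.size:
        raise ValueError("envelope is shorter than its header")
    version, key_path_len, ciphertext_len = HEADER.unpack_from(blob, 0)
    key_path_end = HEADER.size + key_path_len
    ciphertext_end = key_path_end + ciphertext_len
    # The signature has no length field; it is whatever remains. Reject
    # declared lengths that run past the buffer or leave nothing to verify.
    if ciphertext_end >= len(blob):
        raise ValueError("declared lengths leave no room for a signature")
    try:
        key_path = blob[HEADER.size:key_path_end].decode("utf-16-le")
    except UnicodeDecodeError as exc:
        raise ValueError("keyPath is not valid UTF-16LE") from exc
    return CekEnvelope(
        version=version,
        key_path=key_path,
        ciphertext=blob[key_path_end:ciphertext_end],
        signature=blob[ciphertext_end:],
        signed_region=blob[:ciphertext_end],
    )

def build_sample_envelope(key_path: str, ciphertext: bytes, signature: bytes) -> bytes:
    """Assemble a constructed envelope in the assumed layout (no real crypto)."""
    encoded = key_path.encode("utf-16-le")
    return HEADER.pack(1, len(encoded), len(ciphertext)) + encoded + ciphertext + signature

# Constructed sample: placeholder vault URL, filler bytes for ciphertext and signature.
SAMPLE_KEY_PATH = "https://example-vault.vault.azure.net/keys/example-cmk/0000"
SAMPLE = build_sample_envelope(SAMPLE_KEY_PATH, b"\xaa" * 256, b"\xbb" * 256)

if __name__ == "__main__":
    env = parse_cek_envelope(SAMPLE)
    print(env.version, env.key_path, len(env.ciphertext), len(env.signature))
```

Because keyPath is not verified during decryption, treat the parsed value as a troubleshooting hint rather than as proof of which key protected the envelope.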