SQL Server Connector for Azure Key Vault Public Preview Refresh Now Available


Today’s blog post comes courtesy of Sunil Pai and myself.

As a SQL database administrator you know that one of your top challenges is securing the data in your databases. There are a lot of things you need to do to secure a SQL Server deployment and one of your most important tasks is to encrypt the sensitive data in your databases. You might be doing that now by taking advantage of SQL Server Transparent Data Encryption (TDE), Column Level Encryption (CLE) and Backup encryption.

If you’re using these encryption technologies, you’re probably using a symmetric key located on the server for encryption. To protect this key, you are most likely using a certificate on the SQL Server itself to encrypt the symmetric key. If your server (either physical or virtual) were compromised, that could put your certificate, symmetric keys and data all at risk

What if there was a better way? What if you could put the asymmetric key in an external key management system that leverages hardware security modules (HSMs) so that keys highly protected?

If you use Microsoft Azure security capabilities, you’ll have that better way.

How? By taking advantage of Azure’s key management system in the cloud, Azure Key Vault. You can use the SQL Server Connector for Microsoft Azure Key Vault to leverage the scalable, high performance, and highly available Key Vault service as an Extensible Key Management (EKM) provider for encryption key protection. By shifting the master encryption keys off the SQL Server machine, you separate the management of data from the management of keys.

You can get the August 14, 2015 release of the Public Preview refresh from the Microsoft Download Center.  

This Public Preview refresh addresses feedback received for the Jan 8, 2015 release of the Connector Public Preview. This new release also enables SQL Server to use the GA version of the Key Vault service. Note that the previous Connector used a prior version of the Key Vault service; that version of the service will be deprecated soon. If you are using the Connector today, we advise you to upgrade to the latest version of the SQL Server Connector as soon as possible to avoid service disruption.

For more details on how the connector works, check out Sunil’s post on the Azure Key Vault blog.

The SQL Server Connector team thanks you for the feedback so far and invites further engagement and feedback using the Public Preview refresh version. You can provide feedback by:


Sunil Pai
Principal Program Manager, Azure Security Engineering
Tom Shinder
Program Manager, Azure Security Engineering
@tshinder | Facebook | LinkedIn | Email | Web | Bing me! | GOOG me!