Manage keys for Always Encrypted with secure enclaves

Applies to: SQL Server (Windows only). Does not apply to: Azure SQL Database, Azure Synapse Analytics (SQL DW), Parallel Data Warehouse.

Always Encrypted with secure enclaves extends key management for Always Encrypted by introducing enclave-enabled keys:

  • Enclave-enabled column master key - a column master key that is created with the ENCLAVE_COMPUTATIONS property specified in the column master key metadata object inside the database.
  • Enclave-enabled column encryption key - a column encryption key that is encrypted with an enclave-enabled column master key. Only enclave-enabled column encryption keys can be used for computations inside a server-side secure enclave.

The general guidelines and processes for managing Always Encrypted keys apply to managing enclave-enabled keys.
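To check which keys in a database are enclave-enabled, the catalog views can be queried directly. The query below is an added example, not part of the original article. It lists every column encryption key value, the column master key that protects it, whether that master key was created with ENCLAVE_COMPUTATIONS, and the columns encrypted with the key. It assumes a SQL Server instance that supports secure enclaves, where sys.column_master_keys exposes the allow_enclave_computations and signature columns.

```sql
-- Added example: inventory of Always Encrypted keys and their enclave status.
-- One row per (column encryption key value, encrypted column).
-- A column encryption key can have two values while its master key is
-- being rotated, so the same key may appear with two master keys.
SELECT
    cek.name                        AS column_encryption_key,
    cmk.name                        AS column_master_key,
    cmk.key_store_provider_name,
    cmk.key_path,
    cmk.allow_enclave_computations, -- 1 = created with ENCLAVE_COMPUTATIONS
    CASE
        WHEN cmk.signature IS NULL THEN 'no signature'
        ELSE 'signed'
    END                             AS cmk_metadata_signature,
    OBJECT_SCHEMA_NAME(c.object_id) AS schema_name,
    OBJECT_NAME(c.object_id)        AS table_name,
    c.name                          AS column_name,
    c.encryption_type_desc          -- DETERMINISTIC or RANDOMIZED
FROM sys.column_encryption_keys AS cek
JOIN sys.column_encryption_key_values AS cekv
    ON cekv.column_encryption_key_id = cek.column_encryption_key_id
JOIN sys.column_master_keys AS cmk
    ON cmk.column_master_key_id = cekv.column_master_key_id
LEFT JOIN sys.columns AS c          -- keys not yet used by any column still appear
    ON c.column_encryption_key_id = cek.column_encryption_key_id
ORDER BY
    cmk.allow_enclave_computations DESC,
    cek.name,
    schema_name,
    table_name,
    column_name;
```

Rows with allow_enclave_computations = 0 identify column encryption keys that cannot be used for computations inside the enclave.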

Managing keys

The following articles discuss the aspects specific to managing enclave-enabled keys.
