Always Encrypted is now available for public preview in all service tiers of Azure SQL Database V12. You can use Always Encrypted to ensure sensitive data, such as credit card numbers, is encrypted and decrypted inside client applications or application servers, using keys that are never revealed to Azure SQL Database. As a result, even database administrators, other high privilege users, or attackers gaining illegal access to Azure SQL Database will not be able to access the data.
To get started with Always Encrypted, you will need:
- SQL Server Management Studio (October 2015 preview – version 13.0.700.242, or later) to provision Always Encrypted keys and set up encryption for selected columns within the database.
- An Always Encrypted-enabled SQL client driver, such as ADO.NET in .NET Framework 4.6, which you need to install on machines hosting your client applications or application servers.
This blog already contains multiple articles on Always Encrypted, which are relevant for both SQL Server 2016 and Azure SQL Database V12 and can help you start using the feature. In particular:
- For how to create a new database schema using Always Encrypted and develop a simple application accessing encrypted columns, see Getting Started With Always Encrypted.
- For how to encrypt selected columns in an existing database, see SSMS Encryption Wizard – Enabling Always Encrypted in a Few Easy Steps.
- For how to develop a web application using Always Encrypted, see Developing Web Apps using Always Encrypted.
For additional information, please see Always Encrypted (Database Engine).