Getting Started with Always Encrypted using PowerShell

In the previous articles from the Always Encrypted blog series, we demonstrated how to configure Always Encrypted using SQL Server Management Studio. In this article, we will show you how to configure Always Encrypted from the command line, using PowerShell. Prerequisites To try the examples in this article, you need: A database, named Clinic, hosted… Read more

Parameterization for Always Encrypted – Using SSMS to Insert into, Update and Filter by Encrypted Columns

SQL Server  Management Studio 17.o (the next major update of SSMS, currently available as a Release Candidate) introduces two important capabilities for Always Encrypted: Ability to insert into, update and filter by values stored in encrypted columns from a Query Editor window. The new online encryption algorithm, exposed in the Set-SqlColumnEncryption PowerShell cmdlet, which makes tables available… Read more

Always Encrypted in Azure SQL Database is Generally Available

I’m happy to announce Always Encrypted in Azure SQL Database is now generally available! Always Encrypted is a feature designed to ensure sensitive data and its corresponding encryption keys are never revealed in plaintext to the database system. With Always Encrypted enabled, a SQL client driver encrypts and decrypts sensitive data inside client applications or application servers,… Read more

Developing Databases using Always Encrypted with SQL Server Data Tools

We are excited to announce that SQL Server Data Tools (SSDT) now supports developing databases using Always Encrypted. Always Encrypted is a feature in SQL Server 2016 and Azure SQL Database that ensures your sensitive data is never revealed in plaintext to the database system. An Always Encrypted-enabled client driver achieves that by transparently encrypting and… Read more

Best Practices for Moving Data Encrypted with Always Encrypted

With the introduction of Always Encrypted, Microsoft’s SQL platform (SQL Server 2016 and SQL Azure DB) protects sensitive data in use (during transactions and computations) without requiring any significant re-work in your applications. In a typical scenario, a client application is set up with Always Encrypted enabled in the database connection string. This instructs the… Read more

Using SQL Server Integration Services (SSIS) with Always Encrypted

We would like share a couple of links to two articles, just published on SQL Server IntegrationServices (SSIS) Blog, which provide guidance for how to use SSIS with Always Encrypted: SSIS with Always Encrypted Lookup transformation with Always Encrypted… Read more

Using Hardware Security Modules with Always Encrypted

Using Hardware Security Modules with Always Encrypted In the examples from the previous articles on Always Encrypted, we demonstrated column master keys stored in Windows Certificate Store and in Azure Key Vault. In this article, we will introduce yet another option: storing column master keys in hardware security modules (HSMs). HSM Primer and Introduction to… Read more

Using the Azure Key Vault Key Store Provider for Always Encrypted

During the SQL PASS Summit 2015, we released a custom key store provider that enables support for column master keys stored in Azure Key Vault to Nuget.org.  As you may recall, an earlier blog post discussed the process of creating a custom key store provider using Azure Key Vault as an example key store.  That… Read more

Public Preview of Always Encrypted in Azure SQL Database

Always Encrypted is now available for public preview in all service tiers of Azure SQL Database V12. You can use Always Encrypted to ensure sensitive data, such as credit card numbers, is encrypted and decrypted inside client applications or application servers, using keys that are never revealed to Azure SQL Database. As a result, even… Read more

SSMS Encryption Wizard – Enabling Always Encrypted in a Few Easy Steps

As we explained in the previous articles, Always Encrypted is a client-side encryption technology – the database system (SQL Server or Azure SQL Database) does not have access to plaintext encryption keys and cannot encrypt or decrypt data protected with Always Encrypted. Consequently, enabling Always Encrypted in a database requires the use of client-side tools to… Read more