Install the SQL Server Connector for Microsoft Azure Key Vault
This is Part:1 of a 4-part blog series:
This blog in the series installs the SQL Server Connector for Microsoft Azure Key Vault. This DLL is the provider that allows SQL Server to talk to Azure Key Vault.
Download the SQL Server Connector from the Microsoft Download Center. (The download/install should be done by a “local administrator” on the SQL Server computer.)
Versions 220.127.116.110 and older have been replaced and are no longer supported in production environments.
Upgrade to version 18.104.22.168 or later by visiting the Microsoft Download Center
and using the instructions on the SQL Server Connector Maintenance & Troubleshooting
page under “Upgrade of SQL Server Connector.”
There is a breaking change in 22.214.171.124 version, in terms of the thumbprint algorithm.
You may experience database restore failure after upgrading to 126.96.36.199 version.
Please refer KB article 447099.
By default, the connector installs at C:Program FilesSQL Server Connector for Microsoft Azure Key Vault. This location can be changed during setup. (If changed, adjust the scripts as appropriate.)
There is no interface for the Connector, but if it is installed successfully, the Microsoft.AzureKeyVaultService.EKM.dll file is installed on the machine.
This is the cryptographic EKM provider DLL that needs to be registered with SQL Server by using the CREATE CRYPTOGRAPHIC PROVIDER statement.
The SQL Server Connector installation also allows you to optionally download sample scripts for SQL Server encryption.
You can validate by navigating to the installation path, right-click on the file, select “properties”, select the Details tab and validate the Product version as: 1.0.50.
To view error code explanations, configuration settings, or maintenance tasks for SQL Server Connector, visit the appendix at the bottom of this topic:
- A. Maintenance Instructions for SQL Server Connector
- C. Error Code Explanations for SQL Server Connector
See you at the next blog (Part: 2)
|SQL Server Transparent Data Encryption and Extensible Key Management Using Azure Key Vault – Intro|
SQL Server Connector for Microsoft Azure Key Vault (aka: SQL Server Connector) – Part: 1 (this document)
Azure Portal Method
Set up an Azure Active Directory Service Principal – Part: AP2
Setup Azure Active Directory Service Principal and Azure Key Vault (one script) – Part: PS2
This script combines Part: AP2 & Part:AP3
Create an Azure Key Vault – Part: AP3
Configure SQL Server TDE EKM using AKV – Part: 4