Internet Explorer was retired on June 15, 2022
SQL Server Connector
The SQL Server Connector for Microsoft Azure Key Vault enables SQL Server encryption to use the Microsoft Azure Key Vault as an extensible key management (EKM) provider to protect its encryption keys.
1.9 MBThe SQL Server Connector for Microsoft Azure Key Vault enables SQL Server encryption to use the Microsoft Azure Key Vault as an extensible key management (EKM) provider to protect its encryption keys.
An organization can use SQL Server encryption to protect sensitive data. SQL Server encryption includes Transparent Data Encryption (TDE), Column Level Encryption (CLE), and Backup Encryption. In all of these cases the data is encrypted using a symmetric data encryption key. The symmetric data encryption key is further protected by wrapping (encrypting) it with an asymmetric key. The EKM provider architecture lets Microsoft SQL Server leverage the security of the Azure Key Vault as an external cryptographic provider to store and manage the asymmetric keys and perform data encryption key wrapping and unwrapping functions.
Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services. By using Azure Key Vault, you can encrypt keys and secrets (such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords) by using keys that are protected by hardware security modules (HSMs). For added assurance, you can import or generate keys in HSMs (keys never leave the HSM boundary). HSMs are certified to FIPS 140-2 level 2.
The download consists of the SQL Server Connector as well as Sample Scripts to enable a SQL Server Administrator learn how to configure the Connector and enable SQL Server Encryption scenarios. For more information, review the topic Extensible key management using Key Vault (SQL Server).
Use the Azure Key Vault forum to ask questions, share insights and discuss the SQL Server Connector.
Starting with version 22.214.171.124, the SQL Server Connector reports relevant error messages to the Windows event logs for troubleshooting.
Starting with version 126.96.36.199, there is support for private Azure clouds, including Azure China, Azure Germany, and Azure Government.
Starting with version 188.8.131.52 (August 2020), the SQL Server Connector supports filtering messages and network request retry logic
Supported Operating Systems
Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012The SQL Server versions supported are:
- SQL Server 2019 RTM Enterprise 64-bit
- SQL Server 2017 RTM Enterprise 64-bit
- SQL Server 2016 RTM Enterprise 64-bit
- SQL Server 2014 RTM Enterprise 64-bit
- SQL Server 2012 SP2 Enterprise 64-bit
- SQL Server 2012 SP1 CU6 Enterprise 64-bit
- SQL Server 2008 R2 SP2 CU8 Enterprise 64-bit
On SQL Server 2008 and 2012 versions lower than the ones listed above, the patch specified in the following kb needs to be installed: http://support2.microsoft.com/kb/2859713.
The SQL Server Connector for Microsoft Azure Key Vault also requires .NET Version 4.5.1 on the Microsoft SQL Server Virtual Machine on Azure. This should be installed before you install the Connector.
Have the appropriate version of the Visual Studio C++ redistributable installed based on the version of SQL Server that you are running: for SQL Server versions 2008, 2008 R2, 2012, and 2014, install the 2013 Visual C++ Redistributable; for SQL Server 2016, install the 2015 Visual C++ Redistributable.
- 1. Click the Download button on this page to start the download.
2. Do one of the following:
- To start the installation immediately, click Run.
- To save the download to your computer for installation at a later time, click Save.
- To cancel the installation, click Cancel.
To upgrade the SQL Server Connector (Version: 184.108.40.206 with a date of September 2020) to the latest version DLL Crypto provider, you must follow these steps.
- Stop SQL Server service using SQL Server Configuration Manager
- Uninstall the old version using Control Panel\Programs\Programs and Features
- Install (upgrade) new SQL Server Connector for Microsoft Azure Key Vault
- Start SQL Server service
- Test encrypted DB(s) is/are accessible