Microsoft states that the SQL Server Connector is currently in public preview, and the company is at the moment working on creating a more lightweight and more secure SQL Server Connector. It no longer runs asa service and the company has simplified it down to a single DLL. The latest version of SQL Server Connection is now available at
Microsoft Download Center.
Image Source: blogs.msdn.microsoft.com
For users who are familiar with the SQL Server Connector, it would enable SQL Server to use Azure Key Vault as an Extensible Key Management (EKM) Provider for its SQL encryption keys. This means that you can now easily use your own encryption keys and protect them in Azure Key Vault, which is a cloud based external key management system, and it offers central key management, leverages hardware security modules (HSMs) and also allows separation of management of keys and data for additional security. This is now available for the SQL encryption keys used in Transparent Data Encryption (TDE), Column Level Encryption (CLE), and Backup encryption.
When you are using the SQL encryption technologies, your data is encrypted with the symmetric keys, which is known as database encryption key, that is stored in the database. Customarily (without Azure Key Vault), a certificate that SQL Server manages would protect the data encryption key (DEK). With the Azure Key Vault integration for the SQL Server through the SQL Server Connector, you will be able to protect the DEK with an asymmetric key which is stored in the Azure Key Vault. This way, you can assume control over the key management, and have it be in a separate key management service outside of SQL Server.
The SQL Server Connector is now available to SQL Server and SQL laaS users. For SQL Server on-premises scenarios, and it can be downloaded while following the set up for Azure Key Vault for SQL Server as described
here. For SQL laaS scenarios, the SQL Server Connector can easily be installed from
here, and it automates most of the configuration for accessing Azure Key Vault through SQL Server in an Azure VM.
Microsoft concluded by
saying,
“The SQL Server Connector for Microsoft Azure Key Vault is available for all Enterprise versions of SQL Server starting with 2008/2008 R2 through the recently released version of 2016.”