Enabling Azure Key Vault for SQL Server on Linux
Published Mar 20 2024 04:30 AM
Microsoft

Enhancing Security with EKM using Azure Key Vault in SQL Server on Linux:

 

We’re excited to announce that Extensible Key Management (EKM) using Azure Key Vault in SQL Server on Linux is now generally available from SQL Server 2022 CU12 onwards. EKM lets you manage encryption keys outside of SQL Server, in Azure Key Vault.

In this blog post, we’ll explore how to leverage Azure Key Vault as an EKM provider for SQL Server on Linux.

Azure Key Vault: The Bridge to Enhanced Security

Azure Key Vault is a cloud-based service that securely stores keys, secrets, and certificates. By integrating Azure Key Vault with SQL Server, you can benefit from its scalability, high performance, and high availability. Refer to Set up Transparent Data Encryption (TDE) Extensible Key Management with Azure Key Vault - SQL Server... for more details.

Setting Up EKM with Azure Key Vault

Here’s a streamlined version of the setup process for EKM with Azure Key Vault on SQL Server for Linux:

  1. Initialize a Microsoft Entra service principal.
  2. Establish an Azure Key Vault.
  3. Set up SQL Server for EKM and register the SQL Server Connector.
  4. Finalize SQL Server configuration.

 

The full guide for setting up AKV with SQL Server on Linux is available at Set up Transparent Data Encryption (TDE) Extensible Key Management with Azure Key Vault - SQL Server... . For SQL Server on Linux, omit steps 3 and 4 and proceed directly to step 5. I’ve included screenshots below for quick reference; they cover the SQL Server configuration needed to use AKV.

Run the commands below to enable EKM in SQL Server and register the SQL Server Connector as the EKM provider.
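The enable-and-register step described above, written out as T-SQL together with the credential, key binding and verification queries (an added example, not the commands shown in the post's screenshots). The names AzureKeyVault_EKM, sysadmin_ekm_cred and EKM_TDE_Key are assumptions, and every value in angle brackets is a placeholder to take from your own environment and the setup guide.

```sql
-- Added example: values in <angle brackets> are placeholders; AzureKeyVault_EKM,
-- sysadmin_ekm_cred and EKM_TDE_Key are assumed names, not taken from the post.
USE master;
GO

-- 'EKM provider enabled' is an advanced option: expose it, then turn it on.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
GO
EXEC sp_configure 'EKM provider enabled', 1;
RECONFIGURE;
GO

-- Register the SQL Server Connector library as the EKM provider.
CREATE CRYPTOGRAPHIC PROVIDER AzureKeyVault_EKM
    FROM FILE = '<full path to the SQL Server Connector library>';
GO

-- Credential the admin login uses to reach the vault through the provider.
-- IDENTITY is the vault name; SECRET is the service principal's client ID
-- (hyphens removed) followed directly by its client secret.
CREATE CREDENTIAL sysadmin_ekm_cred
    WITH IDENTITY = '<key-vault-name>',
         SECRET   = '<client-id-without-hyphens><client-secret>'
    FOR CRYPTOGRAPHIC PROVIDER AzureKeyVault_EKM;
ALTER LOGIN [<admin-login>] ADD CREDENTIAL sysadmin_ekm_cred;
GO

-- Reference the existing vault key; the private key stays in the vault.
CREATE ASYMMETRIC KEY EKM_TDE_Key
    FROM PROVIDER AzureKeyVault_EKM
    WITH PROVIDER_KEY_NAME = '<key-name-in-vault>',
         CREATION_DISPOSITION = OPEN_EXISTING;
GO

-- Checks: option active, provider registered and enabled, key bound to it.
SELECT name, value_in_use
  FROM sys.configurations
 WHERE name = 'EKM provider enabled';
SELECT name, version, dll_path, is_enabled
  FROM sys.cryptographic_providers;
SELECT name, provider_type, algorithm_desc, key_length
  FROM sys.asymmetric_keys
 WHERE name = 'EKM_TDE_Key';
GO
```

CREATE CRYPTOGRAPHIC PROVIDER needs CONTROL SERVER permission or sysadmin membership. Because the credential's SECRET embeds the service principal's client secret, keep the filled-in script out of source control and shell history.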

 

[Four screenshots: SQL Server configuration to use AKV]

 

 

Please note: SQL Server requires manual rotation of the TDE certificate or asymmetric key, as it doesn’t rotate them automatically. Regular key rotation is essential for maintaining security and effective key management.

 

Conclusion

Using Azure Key Vault for EKM with SQL Server on Linux boosts security, streamlines key management, and supports compliance. With data protection being paramount, Azure Key Vault’s integration offers a robust solution. Stay tuned for more insights on SQL Server on Linux!

 

Official Documentation:

  1. Extensible Key Management using Azure Key Vault - SQL Server
  2. Setup Steps for Extensible Key Management Using the Azure Key Vault
  3. Azure Key Vault Integration for SQL Server on Azure VMs

 

 

Last update: Mar 20 2024 04:32 AM