0

I am evaluating Always Encrypted feature in SQL Server 2016.

One of the options to store CMK is windows certificate store i.e. User/LocalMachine. If you want to allow other machines to have access to the data in un-encrypted format you need to import the same certificate in other machines. All this was fairly simple and I could do it easily.

Now I created and stored my CMK in a "Microsoft Software Key Storage Provider".

How can I import this CMK in other machines?

jarlh
  • 42,561
  • 8
  • 45
  • 63
Aashish Upadhyay
  • 840
  • 1
  • 7
  • 22
  • I'm pretty sure the point of a key storage provider is that you don't have to maintain copies of keys on other machines. From BOL: Centralized Key Stores - serve applications on multiple computers. An example of a centralized key store is Azure Key Vault. A centralized key store usually makes key management easier because you don't need to maintain multiple copies of your column master keys on multiple machines. You need to ensure that your applications are configured to connect to the centralized key store. – dfundako Aug 19 '16 at 15:30
  • @dfundako is there any documentation on how to achieve that? Microsoft has explained it so well for keys managed in Windows certificate store. I could'nt find anything related to Microsoft Software Key Storage Provider – Aashish Upadhyay Aug 19 '16 at 15:35

1 Answers1

0

To provision a column master key using Microsoft Software Key Storage Provider in SSMS, you need to use the New Column Master Key dialog: select Key Store Provider (CNG) as an Always Encrypted key store provider, and then select Microsoft Software Key Storage Provider. You will find the detailed instructions here: https://msdn.microsoft.com/en-us/library/mt757096.aspx#Anchor_2 .

Here is the example showing how to configure a column master key using Microsoft Software Key Storage Provider in PowerShell: https://msdn.microsoft.com/en-us/library/mt732057.aspx#Anchor_3.

Jakub Szymaszek - Microsoft
  • 586
  • 3
  • 3