2

I read the below blog for implementing the encryption concept in my application but in my application I have used code first migrations concept for performing CRUD operations on Azure SQL database. But this blog explains the encryption concept with plain SQL queries on Azure SQL database.

Always Encrypted: Protect sensitive data in SQL Database and store your encryption keys in Azure Key Vault

https://learn.microsoft.com/en-us/azure/sql-database/sql-database-always-encrypted-azure-key-vault

How can I implement the always encrypted concept for code first migration scenarios implemented in web applications?

halfer
  • 19,824
  • 17
  • 99
  • 186
Pradeep
  • 5,101
  • 14
  • 68
  • 140

1 Answers1

1

As this official blog mentioned about using Always Encrypted with EF6:

Entity Framework 6 was not designed from the start to work with the Always Encrypted feature of SQL Server 2016. However, a lot of effort has gone into making the feature work as transparently as possible with existing code.

For Code First migrations scenario:

Migrations will require substantial tweaking – Entity Framework is not aware of the Column Master Keys and Column Encryption and has no way to model them, so this needs to be compensated by user.

You could remove encrypted properties from the migration code, ALTER TABLE to add encrypted columns, then Update-Database. And it is recommended to use Migrations over Initializers when working with encrypted columns, which could include seeding the database with initial data. For more details, you could refer to this blog.

Bruce Chen
  • 18,207
  • 2
  • 21
  • 35