I need to encrypt credit card no in a way that nobody can view the actual no. Moreover, I don't want to store my encryption key information in SQL Server
Asked
Active
Viewed 72 times
-2
-
if the developers are not sysadmin's on the box,this can work – TheGameiswar Sep 13 '17 at 17:15
-
1_no body can view_ - who are "nobody"? Admins, developers, users? – Aleks Andreev Sep 13 '17 at 17:26
-
no body means no one. – Ghulam Haider Sep 14 '17 at 18:20
2 Answers
1
Dynamic Data Masking may be used in this scenario. Learn more about it here.
Hope this helps.
Alberto Morillo
- 13,893
- 2
- 24
- 30
-
even thought the link may answer the question,it's a good practice to share some content from the link which can answer the question..Link only answers are not encouraged – TheGameiswar Sep 14 '17 at 09:30
1
You can give a try on Azure Always Encryption.
It has the following benefits:
- Through out the network, the Data's will be encrypted.(I've Provided an Example here)
As you mention, storing encrypted key in SQL-Server is not a good practice at all. In Azure Always Encryption, you have a flexibility to store your Encryption key in various Locations like MSSQL_CERTIFICATE_STORE ,MSSQL_CSP_PROVIDER,MSSQL_CNG_STORE,Azure_Key_Vault(Even you can create your own custom key store provider too)- Find the details in here
It can support in Azure-SQL and also On-Premises SQL Server (Starting from 2016)
Jayendran
- 9,638
- 8
- 60
- 103