database encryption -Failed to decrypt a column encryption key using key store provider: 'AZURE_KEY_VAULT'

Question

I have SQL Server database [Always Encrypt]. one of the table some columns is encrypted. when I am trying to query the table with an encrypted column but I am getting the following error. I also used "Column Encryption Setting=enabled".

Msg 0, Level 11, State 0, Line 0 Failed to decrypt column 'FirstName'. Msg 0, Level 11, State 0, Line 0 Failed to decrypt a column encryption key using key store provider: 'AZURE_KEY_VAULT'. Verify the properties of the column encryption key and its column master key in your database. The last 10 bytes of the encrypted column encryption key are: '63-02-3F-0A-FD-F3-FF-DB-1B-03'. Msg 0, Level 11, State 0, Line 0 One or more errors occurred.

Please help me.

I want to solution of my query.

Answer 1

Msg 0, Level 11, State 0, Line 0 Failed to decrypt column 'FirstName'. Msg 0, Level 11, State 0, Line 0 Failed to decrypt a column encryption key using key store provider: 'AZURE_KEY_VAULT'. Verify the properties of the column encryption key and its column master key in your database. The last 10 bytes of the encrypted column encryption key are: '63-02-3F-0A-FD-F3-FF-DB-1B-03'. Msg 0, Level 11, State 0, Line 0 One or more errors occurred.

Other SQL Admins that are not defined in your Azure Key Vault policy will not have permissions to decrypt the column data.

Go into our Key Vault and grant Azure AD user the permission in our Access Policy.

• Select Access Policies from the Key Vault
• Click the "add new" link/button at the top
• Select Azure AD user that you are using
• From the Key permissions drop down, make sure you give it "Decrypt", "Sign", "Get", "UnwrapKey","View","List" permissions
• Make sure to save changes

Reference: SQL Always Encrypted Column Access using Azure Key Vault