I have an existing API based on .NET 7 with Entity Framework, which is functioning properly. My company plans to implement column encryption, and I have successfully configured it in Azure SQL Database and Azure Key Vault. However, I encountered an error when connecting my API application to the database.
This is the error I got
Failed to decrypt a column encryption key using key store provider: 'AZURE_KEY_VAULT'. Verify the properties of the column encryption key and its column master key in your database. The last 10 bytes of the encrypted column encryption key are: '00-E6-67-F0-EF-A1-85-AD-94-7E'.\r\nInvalid Azure Key Vault key path specified: 'https://{testtest}.vault.azure.net/keys/{testtest}/a5949e32107f409f9a509c5385fb4eed'. Valid trusted endpoints: https://{testtest}.vault.azure.net/. (Parameter 'masterKeyPath')
I have tried many solutions from the internet, but unfortunately, the error still persists. Regarding permissions, I have made multiple adjustments to ensure that my Azure-registered application, database, and key vault have access. However, I am not an expert on this matter, and I am still unsure whether the configuration is correct. Key Vault Access policies screenshot
This is my API connection string, code and etc:
Connection string
"Server=lalalala.database.windows.net;Database=lalala;User=lalala;Password=lalala;Column Encryption Setting=enabled;"
The current package that I'm using
<PackageReference Include="Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider" Version="3.0.0" />
Sample code screenshot
The following are the articles or posts that i have lookup
