
Microsoft SQL Server Always Encrypted


This document provides information about configuring our HSMs with Microsoft SQL Server Always Encrypted by using CNG libraries. For additional questions about your HSM, see the relevant administrator guide.

About Microsoft SQL Server Always Encrypted

The Microsoft SQL Server Always Encrypted feature ensures sensitive data remains encrypted both in transit and at rest, with encryption and decryption occurring on the client side. It uses a Column Master Key (CMK) to protect the Column Encryption Key (CEK), which encrypts the data in database columns. This approach keeps data encrypted even in the database server's memory, protecting it from high-privilege database users. Always Encrypted supports deterministic and randomized encryption, enabling secure operations while restricting certain SQL functionalities. It's ideal for protecting PII, financial data, and other confidential information, enhancing security and compliance.

Purpose of the integration

Through the CNG library, Microsoft SQL Server can use an HSM for key management and encryption acceleration. The HSM generates and stores the Microsoft SQL Server Always Encrypted Column Master Key (CMK), protecting it from disclosure.
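
The key hierarchy described above, provisioned with the Microsoft SqlServer PowerShell module against a CMK that already exists in the HSM. This is an added example, not taken from this guide: the server, database, CNG provider name, key names, and table are placeholders or assumptions.

```powershell
# Added example. Every value in angle brackets is a placeholder; the key and
# table names are hypothetical.
Import-Module SqlServer

$server      = '<sql-server-instance>'
$dbName      = '<database-name>'
$cngProvider = '<HSM CNG provider name>'    # as registered by the HSM's CNG library
$hsmKeyName  = '<CMK key name on the HSM>'  # assumed to be generated on the HSM already

$connStr  = "Server=$server;Database=$dbName;Integrated Security=True"
$database = Get-SqlDatabase -ConnectionString $connStr

# 1. CMK metadata: the database records only the key store provider and the
#    key path. The key itself stays on the HSM.
$cmkSettings = New-SqlCngColumnMasterKeySettings -CngProviderName $cngProvider -KeyName $hsmKeyName
New-SqlColumnMasterKey -Name 'CMK_HSM' -InputObject $database -ColumnMasterKeySettings $cmkSettings

# 2. CEK: generated on this client, encrypted with the CMK through the CNG
#    provider, and stored in the database only in its encrypted form.
New-SqlColumnEncryptionKey -Name 'CEK_1' -InputObject $database -ColumnMasterKeyName 'CMK_HSM'

# 3. Columns protected by the CEK. Deterministic encryption allows equality
#    lookups and needs a BIN2 collation on character columns; randomized
#    encryption does not allow searching on the column.
$ddl = @'
CREATE TABLE dbo.Customers (
    CustomerId  INT IDENTITY PRIMARY KEY,
    NationalId  CHAR(11) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_1,
                        ENCRYPTION_TYPE = DETERMINISTIC,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,
    CardNumber  VARCHAR(19)
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_1,
                        ENCRYPTION_TYPE = RANDOMIZED,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL
);
'@
Invoke-Sqlcmd -ServerInstance $server -Database $dbName -Query $ddl

# 4. Confirm the CMK metadata points at the CNG key store (MSSQL_CNG_STORE)
#    and that the key path is '<provider name>/<key name>'.
Invoke-Sqlcmd -ServerInstance $server -Database $dbName -Query @'
SELECT name, key_store_provider_name, key_path
FROM sys.column_master_keys;
'@
```

Client applications that read or write these columns in plaintext need the same CNG provider installed and a connection string with `Column Encryption Setting=Enabled`.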

Guardian integration





Updated 25 Aug 2024