Azure SQL doesn't support many of the encryption features found in SQL Server (Table and Column encryption). What is the best practice for doing application level encryption into a database that doesn't support encryption? Also need
- Key rotations
- metadata mapping of which tables and which columns are encrypted. This is simple when it's just couple of columns (send an email to all devs/document) but that quickly gets out of hand
If someone would like to recommend a library, I'd be happy to stay away from "DIY" too.
1 Answer 1
I think that your problem can be solved with the MS framework called "Trust Services". Buck Woody explains in this article how you can use it to solve problems of encrypted data with SQL Azure. From his article, a short description about how to use Trust Services:
"With the new Trust Services service, the basic process is that you use a Portal to create a Trust Server using policies and other controls. You place a X.509 Certificate you create or procure in that server. Using the Software development Kit (SDK), the developer has access to an Application Layer Encryption Framework to set fields of data they want to encrypt. From there, the data can be stored in SQL Azure as a standard field – only it is encrypted before it ever arrives."
Further reference:
-
It's not a very good fit because Trust Services adds another unique server to the topology. If there is something we can bolt onto the (Web)Application server or the SQL server that would stick out less as a sore thumb. Also, I think it doesn't address #2 above in the questionDeepSpace101– DeepSpace1012012年11月21日 22:36:39 +00:00Commented Nov 21, 2012 at 22:36