Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Always Encrypted - get it working #56

Closed
lokmannicholas opened this issue Sep 16, 2022 · 5 comments · Fixed by #116
Closed

Always Encrypted - get it working #56

lokmannicholas opened this issue Sep 16, 2022 · 5 comments · Fixed by #116
Assignees
@shueybubbles
Labels
Priority: 1 High priority/impact
Milestone
Always Encrypted P1

Comments

@lokmannicholas
Copy link

  • What is the correct connection string for Always Encrypt?
  • How to integrate with Key Vault?
  • Any example to Insert or Update the data?

I have an issue with updating an encrypted field.
For example:
My table members has an column dob which is encrypted

I can exec it in Azure studio, but cannot implement in code.

DECLARE @dob varchar(10) = '2022-06-01';
Update members SET dob  = @dob where id = '123';

I always get The encryption scheme for the columns/variables is (encryption_type = 'PLAINTEXT') and the expression near line '2' expects it to be DETERMINISTIC, or PLAINTEXT.

Thanks
@wcraigjones
Copy link

Did you have any success getting this to work @lokmannicholas ?

@shueybubbles
Copy link
Collaborator

Does this driver even claim support for AE? It looks like this PR never got in:
denisenkom#637

@nicholas-atg
Copy link

Did you have any success getting this to work @lokmannicholas ?

it doesn't work, i am finding someone to make it work together @@

@timothytavarez
Copy link

timothytavarez commented Jan 11, 2023
edited

@shueybubbles Is it possible to raise some attention on this? Always Encrypted is in a bad place right now with language support outside of the C#/.NET/Java ecosystems. *Open source SQL drivers have MSSQL as an afterthought, and ODBC C++ wrappers have very mixed support (such as in the case of this situation).

I'm trying really hard to use Azure SQL for its Always Encrypted with Secure enclaves capabilities in a solution I'm building, but it is getting harder and harder to justify.

@shueybubbles shueybubbles changed the title Always Encrypt example code? Always Encrypted - get it working Feb 17, 2023
@shueybubbles shueybubbles added the v2-candidate Nominate PR or Issue for V2 project label Feb 17, 2023
@grrlgeek grrlgeek added the Priority: 1 High priority/impact label May 3, 2023
@shueybubbles shueybubbles self-assigned this May 18, 2023
@shueybubbles shueybubbles added this to the Always Encrypted P1 milestone May 18, 2023
@shueybubbles
Copy link
Collaborator

We are building a multi-phase plan for AE. Each phase corresponds to a complete set of functionality that can be released.
Phase 1 -
a. Define the connection string (including enclave settings)
b. Define a key provider interface, including how to pass along authentication parameters
c. Implement the AKV key provider
d. Configurable CEK cache
e. E2E testing of decrypting using AKV. This part will likely be done internally since it requires a real Azure sub.
Phase 2 -
a. Support for encryption of parameters in parameterized queries
b. Add a local certificate key provider
c. Enclaves
Phase 3 -
a. Performance tuning

@grrlgeek grrlgeek removed the v2-candidate Nominate PR or Issue for V2 project label May 22, 2023
@shueybubbles shueybubbles mentioned this issue Jul 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shueybubbles shueybubbles

Labels
Priority: 1 High priority/impact
Projects
None yet
Milestone
Always Encrypted P1
Development

Successfully merging a pull request may close this issue.

Start Always Encrypted feature branch microsoft/go-mssqldb
6 participants
@shueybubbles @lokmannicholas @grrlgeek @timothytavarez @wcraigjones @nicholas-atg