TDE using Azure Key Vault

  • Question

  • Hello

    I am trying to set up TDE on MSSQL Server 2014 SP1 Enterprise Edition using Azure Key Vault.

    Azure Key Vault is set up with the needed credentials, which are tied to SQL Server. I was able to successfully create the key in the master database.

    When I try to run the following sample script provided for the Azure Key Vault SQL Connector, it errors out as below:

    Msg 15209, Level 16, State 24, Line 4
    An error occurred during encryption.

    EKM_TDEKEY is the key in Key Vault, created earlier successfully.

    CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_128
    ENCRYPTION BY SERVER ASYMMETRIC KEY EKM_TDEKEY;
    GO


    Tuesday, September 29, 2015 8:05 PM

All replies

  • Hi Sandip,

    Did you create another Client ID and Secret when you created your TDE credential (named Azure_EKM_TDE_Cred in the article)? (You don't have to do this by the way, and you can use the same Client ID and Secret that you used earlier before the TDE example.) 
    If you did create another Client ID/Secret, does the new Client ID have the appropriate permissions through PowerShell to wrap and unwrap using your master key (the key in Key Vault)?

    Thanks,

    Rebecca

    Wednesday, September 30, 2015 9:41 PM
  • Actually, to give us more context on your issue, could you do the following:

    1. Go to Event Viewer (<Windows key> + "R", type in "eventvwr") on the computer where your EKM is set up
    2. Under Windows Logs >> Application, Click "Filter Current Log..." on the right side panel and filter the Event Source by "SQL Connector"
    3. Copy the Event ID and the call stack that shows up in the General tab on the bottom half of the page and tell us here.

    Then we'll see what the source of the issue is.

    Thanks,

    Rebecca

    Wednesday, September 30, 2015 9:56 PM
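
The Event Viewer steps in the reply above can also be scripted. This is an added example, not part of the original thread or the connector's documentation; the function name, the `*SQL*Connector*` source pattern (derived from the "SQL Connector" filter text in the reply) and the output file name are assumptions.

```powershell
# Added example: collect recent Application-log events written by the
# SQL Server Connector so the Event ID and call stack can be shared.
# Assumption: the registered event source name matches '*SQL*Connector*';
# change -SourcePattern if the source is registered under a different name.
function Get-SqlConnectorEvent {
    [CmdletBinding()]
    param(
        [string]$SourcePattern = '*SQL*Connector*',
        [int]$LastHours = 24
    )

    # Restrict the query to the Application log and a recent time window
    # so the whole log is not pulled into memory.
    $filter = @{
        LogName   = 'Application'
        StartTime = (Get-Date).AddHours(-$LastHours)
    }

    # Match the provider name client-side so the wildcard pattern is applied
    # the same way regardless of the exact source name.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like $SourcePattern } |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message
}

# Run on the machine where EKM is set up, right after reproducing Msg 15209.
# Format-List keeps the full Message text (the call stack) untruncated.
Get-SqlConnectorEvent -LastHours 24 |
    Format-List |
    Out-File -FilePath .\sql-connector-events.txt -Encoding utf8
```
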
  • For future readers of this thread, the MSDN article is Extensible Key Management Using Azure Key Vault (SQL Server) https://msdn.microsoft.com/library/dn198405.aspx which has a section on TDE.

    Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty

    Friday, October 2, 2015 4:09 PM