3.0.0 released 14 June 2021
This library contains the implementation of Microsoft.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider for accessing Azure Key Vault, and the provider class is named SqlColumnEncryptionAzureKeyVaultProvider.
- Introduces column encryption key caching support #1056
- Microsoft.Data.SqlClient dependency version upgraded to v3.0.0+ #1111
SqlColumnEncryptionAzureKeyVaultProvider v3.0 is implemented against Microsoft.Data.SqlClient v3.0 and supports .NET Framework 4.6.1+, .NET Core 2.1+, and .NET Standard 2.0+. The provider name identifier for this library is "AZURE_KEY_VAULT" and it is not registered in the driver by default. Client applications may initialize this provider by providing an Azure.Core.TokenCredential and registering it with the driver using any of the below APIs:
- SqlConnection.RegisterColumnEncryptionKeyStoreProviders
- SqlConnection.RegisterColumnEncryptionKeyStoreProvidersOnConnection (Added in version 3.0.0)
- SqlCommand.RegisterColumnEncryptionKeyStoreProvidersOnCommand (Added in version 3.0.0)
Once the provider is registered, it can be used to perform Always Encrypted operations by creating a Column Master Key using the Azure Key Vault Key Identifier URL.
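The following is an added example, not one of the project's linked samples. It shows connection-scoped registration with the provider limited to a single trusted vault endpoint. The Azure.Identity package (DefaultAzureCredential), the connection string, the vault host and the dbo.Patients table with its encrypted SSN column are assumptions or placeholders.

```csharp
using System;
using System.Collections.Generic;
using Azure.Core;
using Azure.Identity; // assumption: Azure.Identity supplies the TokenCredential
using Microsoft.Data.SqlClient;
using Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider;

class Program
{
    // Placeholders, not values from the release notes.
    const string ConnectionString =
        "Server=<server>;Database=<database>;Integrated Security=true;" +
        "Column Encryption Setting=Enabled;";
    const string TrustedVaultHost = "<vault-name>.vault.azure.net";

    static void Main()
    {
        TokenCredential credential = new DefaultAzureCredential();

        // Passing a trusted endpoint makes the provider reject column master key
        // paths whose host does not match it, so key metadata stored in the
        // database cannot redirect key requests to another vault.
        // Keep one provider instance and reuse it so its key cache is reused too.
        var akvProvider =
            new SqlColumnEncryptionAzureKeyVaultProvider(credential, TrustedVaultHost);

        var providers = new Dictionary<string, SqlColumnEncryptionKeyStoreProvider>
        {
            // ProviderName is the "AZURE_KEY_VAULT" identifier.
            [SqlColumnEncryptionAzureKeyVaultProvider.ProviderName] = akvProvider
        };

        using (var connection = new SqlConnection(ConnectionString))
        {
            // Connection-scoped registration (added in 3.0.0): only this
            // connection uses the credential, which suits callers that need a
            // different identity per tenant or per request.
            connection.RegisterColumnEncryptionKeyStoreProvidersOnConnection(providers);
            connection.Open();

            // Hypothetical table and column; reading SSN makes the driver unwrap
            // the column encryption key through Key Vault.
            using (var command = new SqlCommand(
                "SELECT TOP 1 [SSN] FROM [dbo].[Patients]", connection))
            {
                Console.WriteLine(command.ExecuteScalar());
            }
        }
    }
}
```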
The linked C# samples below demonstrate using Always Encrypted with secure enclaves with Azure Key Vault:
- Legacy API support (Always Encrypted): AzureKeyVaultProviderExample.cs
- New API support (Always Encrypted): AzureKeyVaultProviderExample.cs
- Legacy API support (Always Encrypted with secure enclaves): AzureKeyVaultProviderExample.cs
- New API support (Always Encrypted with secure enclaves): AzureKeyVaultProviderExample.cs
- Column Encryption Key cache scope example: AzureKeyVaultProvider_ColumnEncryptionKeyCacheScope.cs
- Registering custom key store provider - Connection Precedence: RegisterCustomKeyStoreProvider_ConnectionPrecedence.cs
- Registering custom key store provider - Command Precedence: RegisterCustomKeyStoreProvider_CommandPrecedence.cs
For further details, refer to Using the Azure Key Vault provider
- .NET Framework 4.6.1+
- .NET Core 2.1+ (Windows x86, Windows x64, Linux, macOS)
- .NET Standard 2.0+
- Azure.Core 1.6.0
- Azure.Security.KeyVault.Keys 4.0.3
- Microsoft.Data.SqlClient 3.0.0
- System.Text.Encodings.Web 4.7.2
- Microsoft.Extensions.Caching.Memory 5.0.0