Always Encrypted

Kenneth Nielsen takes a look at Always Encrypted:

The way Microsoft have implemented this always encrypted feature, is to let all the data in the tables be encrypted. The application that needs to look at data will have to use the new Enhanced library, which will give your application the methods to de/encrypt data.

This way, the only way to insert data into a table, which contains encrypted columns, is to use parameterized insert statements from your application. It is not even possible to insert data from SQL Server Management Studio, if we try, the statement will fail.

This way we ensure that only the persons using the application will be looking at un-encrypted data, thus reducing the number of people with a direct access to sensitive data.

If you go down this route, it looks like the only method available for modifying data is going through ADO.NET, although that could change later.  My biggest concern here is how much of a performance hit—if any—systems will take.

Related Posts

Access Violation Error In SQL Server 2016 SP2 CU4

Lonny Niederstadt tracked down an ugly bug in SQL Server 2016 SP2 CU4: When I started investigating, the error was known only as an access violation, preventing some operations related to data cleansing or fact table versioning. It occurred deep within a series of stored procedures.  The execution environment included cross-database DELETE statements, cross-database synonyms, […]

Read More

Tooling For SQL Server Automation With Powershell

Max Trinidad shares some tools you can use to automate SQL Server processes with Powershell: For script automation we could install either or both version of PowerShell Core: (As of February 19th, 2019)PowerShell Core GA version 6.1.3PowerShell Core Preview 6.2.0 Preview 4 Here are some important PowerShell Modules to use for SQL Server management scripting:*SQLServer – […]

Read More


November 2015
« Jan Dec »