{"id":13801,"date":"2015-10-26T12:00:00","date_gmt":"2015-10-26T19:00:00","guid":{"rendered":""},"modified":"2024-01-30T10:24:04","modified_gmt":"2024-01-30T18:24:04","slug":"azure-key-vault-integration-for-sql-server-in-azure-vms","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/sql-server\/blog\/2015\/10\/26\/azure-key-vault-integration-for-sql-server-in-azure-vms\/","title":{"rendered":"Azure Key Vault Integration for SQL Server in Azure VMs"},"content":{"rendered":"\n

Earlier this year we announced a service called Azure Key Vault<\/a> (AKV), a cloud-hosted Hardware Security Module (HSM)<\/a> backed service for managing cryptographic keys and other secrets used in your cloud application. This summer, that service became generally available. Around the same time, the SQL Server Connector was also released (available on the Microsoft Download Center<\/a>). This connector enables SQL Server encryption to use the Azure Key Vault as an Extensible Key Management (EKM) module for more secure key protection. Today we are announcing the Azure Key Vault Integration feature that simplifies the process of setting up your SQL Server VM to take advantage of AKV.<\/p>\n\n\n\n

Azure Key Vault provides the convenience of managing your cryptographic keys within one service that is secure and highly available. This provides an alternative to managing the storage, protection, and sharing of those keys yourself. The SQL Server Connector allows your SQL Server machine to connect to Azure Key Vault in order to access the cryptographic keys that are protecting your encrypted databases or backups.<\/p>\n\n\n\n

If you are unfamiliar with Azure Key Vault, HSMs, or SQL Server encryption, the links above are a good place to start.<\/p>\n\n\n\n

Configuring Your Machine for AKV<\/strong><\/p>\n\n\n\n

Before using Azure Key Vault, there are several steps to go through to configure your SQL Server machine. You need to download and install the SQL Server Connector, configure the EKM provider, and create the credential that allows you to connect to your key vault from your machine. If you need to do this for multiple machines, the time quickly adds up.<\/p>\n\n\n\n

To save time, we have created the Azure Key Vault Integration feature that automates this entire setup for your SQL Server Virtual Machines in Azure. This feature, when enabled, automatically configures your SQL VM so that you can access the keys in your key vault and use them to encrypt your databases and backups. This is a one-time setup, providing you the option to access keys in your key vault at any time from your VM. All you need to do is execute a few PowerShell cmdlets.<\/p>\n\n\n\n

Note: These steps are provided in this blog post for convenience. However, when there are updates to the feature, the instructions may change. Please refer to the product documentation page <\/a>for the most current outline of the steps to use this feature if you are reading this sometime after the post date of this blog.<\/em><\/p>\n\n\n\n

Prerequisites for Using this Feature<\/strong><\/p>\n\n\n\n

Before taking advantage of this feature, you will need the following:<\/p>\n\n\n\n