Getting Started with Always Encrypted with SSMS

Play Getting Started with Always Encrypted with SSMS

The Discussion

  • User profile image
    Masayuki

    Is the setting of the CEK / CMK, encryption is complete

    but, when you run a query from SSMS by setting the
    " Column Encryption Setting = Enabled " ,
    it will result in an error of under .

    ==========================================
    Msg 0, Level 11, State 0, Line 0
    Failed to decrypt column 'Column2'.
    Msg 0, Level 11, State 0, Line 0
    Failed to decrypt a column encryption key. Invalid key store provider name: 'AZURE_KEY_VAULT'.
    A key store provider name must denote either a system key store provider or a registered custom key store provider.
    Valid system key store provider names are: 'MSSQL_CERTIFICATE_STORE'.
    Valid (currently registered) custom key store provider names are: .
    Please verify key store provider information in column master key definitions in the database,
    and verify all custom key store providers used in your application are registered properly.
    ==========================================

    SSMS are using the Windows Server 2012 R2 + CTP 3.0 (October Update) , Do I need additional settings, etc. on the client side ?

  • User profile image
    JustinS

    @Masayuki: I have the exact same issue. I'm using Azure SQL + SSMS 2016 CTP3. Encryption succeeded, but trying to query the column results in the AZURE_KEY_VAULT provider error.

  • User profile image
    Jakub​Szymaszek

     @Justin and Masayuki: Thank you reporting the bug. The fix for this bug will ship in CTP3.1 and the next refresh of SSMS. Please see the comment on the following blog post for more details: https://blogs.msdn.com/b/sqlsecurity/archive/2015/11/10/using-the-azure-key-vault-key-store-provider.aspx.

  • User profile image
    Rohit

    Failed to decrypt a column encryption key. Invalid key store provider name: 'MY_OWN_CUSTOM_KEY_STORE_PROVIDER'. A key store provider name must denote either a system key store provider or a registered custom key store provider. Valid system key store provider names are: 'MSSQL_CERTIFICATE_STORE', 'MSSQL_CNG_STORE', 'MSSQL_CSP_PROVIDER'. Valid (currently registered) custom key store provider names are: . Please verify key store provider information in column master key definitions in the database, and verify all custom key store providers used in your application are registered properly.

  • User profile image
    Sowmya

    Details: Failed to decrypt a column encryption key. Invalid key store provider name: 'SUN'. A key store provider name must denote either a system key store provider or a registered custom key store provider. Valid system key store provider names are: 'MSSQL_CERTIFICATE_STORE', 'MSSQL_CNG_STORE', 'MSSQL_CSP_PROVIDER'. Valid (currently registered) custom key store provider names are: 'AZURE_KEY_VAULT'. Please verify key store provider information in column master key definitions in the database, and verify all custom key store providers used in your application are registered properly..

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.