Public preview: Always Encrypted for Azure SQL Database

04 November 2015

Always Encrypted is a feature designed to protect sensitive data (such as credit card numbers) that are stored in Azure SQL Database. It ensures that sensitive data is encrypted and decrypted inside client applications or application servers by using keys that are never revealed to Azure SQL Database. As a result, even database administrators, other high privilege users, or attackers gaining illegal access to Azure SQL Database, are not able access the data. Always Encrypted makes encryption transparent to client applications. A SQL client driver (such as ADO.NET in .NET 4.6) that is enabled with Always Encrypted transparently encrypts the data that corresponds to sensitive columns before it passes the data to the database. It automatically rewrites queries so that the semantics to the application are preserved. Similarly, the driver transparently decrypts the data retrieved from encrypted database columns, and returns plain text values to the application. graphic1 For more information about Always Encrypted, see:

Free account

Learn and build with $200 in credit and keep going for free

Start free

Visual Studio

Subscribers get up to $1800 per year of Azure services

Activate now

Startups

Join the BizSpark program and get free Azure services

Learn more