Reputation: 1083
Column level encryption on SQL Azure with logical partition on tables
I have tried enabling column level encryption on Azure SQL DB along with Key vault; which is working fine. But I have a situation where based on the data in the column I want to have different keys for encryption. Example, I have a [Institution] column and for each institution I want to have different keys (CEK) to encrypt. Is it possible to do this? I was also looking at logical partitioning and then encrypting , for each logical partition it should have separate CEK (Column encryption key). Can it be achieved?
Upvotes: 1
Views: 317
Answers (1)
Reputation: 837
Always encrypted does not support multiple CEKs for a single column, even with logical partitioning. A column can only have one CEK.
You might want to look at row level security and determine if that can help your use case. Row level security provides the access control that you need but the security guarantees provided by row level security are not the same as always encrypted
Upvotes: 1
Related Questions
- SQL Always Encrypted in Azure
- Always Encrypted manually decrypt Column Encryption Key
- Encryption of data stored in Azure Tables (Azure Storage)
- SQL Server Column Encryption using Azure Key Vault and Spring Boot
- How to encrypt one or two specific columns in an azure table when storing data?
- Column Level Encryption in Azure SQL Datawarehouse
- Transparent Data Encryption (TDE) for Azure SQL Database
- Data encryption for few columns in a table
- Row-wise encryption SQL Server 2016
- How to encrypt data in SQL Azure?