Reputation: 73
Always Encrypted with Azure Key Vault SSMS Purge Error
I'm trying to setup a new Always Encrypted database using Azure Key Vault (I have previously had this working). In the SSMS Always Encrypted Wizard I can select the table and column to encrypt but I have a problem after selecting "Azure Key Vault" as the key store provider. I login and the window briefly pops up the dropdown that correctly lists my Key Vault in Azure but then it immediately goes away and has a warning triangle with the word "Purge" next to it and a "Try Again" button.
Clicking "Details" shows:
Any ideas what this means and how to get the wizard to complete?
I have tried this on 2 different installations of SQL 2016 with same result and using SSMS from different machines.
I know it says "We experienced issues in connecting to Azure" but since it is logging in and listing (briefly) my key vault what could the connection issue be?
Thanks.
Portion of details
===================================
We experienced issues in connecting to Azure (We experienced issues in connecting to Azure)
===================================
Purge (Microsoft.SqlServer.Management.ServiceManagement)
Program Location:
at Microsoft.SqlServer.Management.ServiceManagement.ResourceManagement.AzureKeyVaultKeyPermissionEnumConverter.ReadJson(JsonReader reader, Type objectType, Object existingValue, JsonSerializer serializer) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.DeserializeConvertable(JsonConverter converter, JsonReader reader, Type objectType, Object existingValue) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateList(IList list, JsonReader reader, JsonArrayContract contract, JsonProperty containerProperty, String id) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateList(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, Object existingValue, String id)
Adding SSMS Version details here: Microsoft SQL Server Management Studio 13.0.16106.4 Microsoft Analysis Services Client Tools 13.0.1700.441 Microsoft Data Access Components (MDAC) 10.0.15063.0 Microsoft MSXML 3.0 4.0 6.0 Microsoft Internet Explorer 9.11.15063.0 Microsoft .NET Framework 4.0.30319.42000 Operating System 6.3.15063
Upvotes: 3
Views: 812
Answers (1)
Reputation: 1113
I was able workaround this by creating the KEY in the vault, scripting out the CREATE COLUMN MASTER KEY referencing the key's full version ID from the vault, creating a COLUMN ENCRYPTION KEY using the UI then use the Always Encrypted wizard to encrypt the designated columns with the appropriate keys.
Upvotes: 2
Related Questions
- Failed to decrypt a column encryption key using key store provider: 'AZURE_KEY_VAULT'
- error while trying to decrypt using azure vault certificate key: "Operation returned an invalid status code 'Forbidden'"
- Deleting Azure Key Vault secret fails in Azure Pipeline
- KeyVaultSecretsRepository vaultUri ArgumentException
- Operation 'DeletedVaultPurge' is not allowed - trying to purge Azure Key Vault
- Can't change anything in Encryption after deleting a vault key
- Azure web app key vault exception when recycled
- Azure Key Vault .NET - Method not found
- Always Encrypted SQL Server 2016 times out in Azure
- Always Encrypted Keys is missing in my SQL Server 2016 RC1