Reputation: 21
SSRS and Azure Keyvault integration
We use MS SSRS (ReportServer) for creating documents from data in a database, the database uses CLE (Column Level Encryption) of PCII data. This has worked well for years, but we are switching to Azure KeyVault for storing the certificate used in the CLE, it works good in our application.
But the issue is from the SSRS server, does anyone know if this can even work? The CLE certificate is now linked to the Azure KeyVault, so the user we use to connect to the database can't get the certificate and decrypt the data anymore. I have been reading the guide here https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/setup-steps-for-extensible-key-management-using-the-azure-key-vault?view=sql-server-ver16&tabs=portal and all that works fine. A credential is created that links the SQL server and the Keyvault, this is then used to create a SQL server login via an asymetric key, but this users can't be used to login to the SQL server, so not able to use this from the SSRS server to the database with the data in it.
So how to decrypt the data in the database, now that the user can't access the created SQL login, or the credential.
Upvotes: 0
Views: 16
Answers (0)
Related Questions
- What is the difference between "INNER JOIN" and "OUTER JOIN"?
- Does a foreign key automatically create an index?
- What is the difference between varchar and nvarchar?
- What is the difference between UNION and UNION ALL?
- Reset identity seed after deleting records in SQL Server
- What is the difference between JOIN and INNER JOIN?
- How can I permanently purge an entire azure keyvault that's been created with soft delete enabled?
- azure login with service principal using certificate from keyvault
- Define Policy on Azure KeyVault Key using KeyVaultClient