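I am trying to connect from VSCode on macOS to a SQL Server database that uses Always Encrypted to protect certain columns. The master key is stored in Azure Key Vault.
Using the Always Encrypted guide provided by Microsoft, I was able to connect to the database successfully.
The same goes for a simple connection using VSCode on my Mac, without turning on encryption/decryption. I used the mssql extension and provided the necessary information in the settings to be able to query the data.
Settings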
"mssql.connections": [
    {
        "server": "XXXXXXXX.database.windows.net",
        "database": "AlwaysEncrypted",
        "authenticationType": "SqlLogin",
        "user": "XXXXX",
        "password": "",
        "emptyPasswordInput": false,
        "savePassword": true,
        "profileName": "AlwaysEncrypted"
    }
]
Query
SELECT * FROM EmployeeDetails
Result
[
    {
        "EmployeeDetailsId": "1",
        "EmployeeNo": "FE00000001",
        "FirstName": "0x013EC8AB61767E1C3D934AB061BCA658B6948637812450C8245DCE4C447F59FD1D6252069A36A67E3477E1C5FB24D860E72FBCC65F98C92B92AB873CE55349672A",
        "MiddleName": "0x015354526EC17EB1151AE918514E565507EDCB5691B4215C45798CA86EB11C47EECA579242926EDFE9F6543006177CBFC03E0F95CD0D8CAE6C941AE173AAF2B925",
        "LastName": "0x0170B3FD2B0416E0607312FB2A67B0F42798EC1871FEAB90AB81235ADACDE1C4F5614099FA3B61E59FEB2D6AD599CB3A9FD031FE56F327F0C80F4BA963EE7E155A",
        "DateOfBirth": "1985-08-12 00:00:00.000"
    }
]
Following these two guides
- https://learn.microsoft.com/en-us/sql/connect/odbc/using-always-encrypted-with-the-odbc-driver?view=sql-server-2017
- https://github.com/Microsoft/vscode-mssql/wiki/manage-connection-profiles
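I did try creating another connection with the mssql extension and supplying an ODBC connection string, but in the end I could not get decrypted data when querying (the connection was established fine). The result is the same as posted above.
Settings using a connection string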
"mssql.connections": [
    {
        "server": "XXXXXXXX.database.windows.net",
        "database": "AlwaysEncrypted",
        "authenticationType": "SqlLogin",
        "user": "XXXXX",
        "password": "",
        "emptyPasswordInput": false,
        "savePassword": true,
        "profileName": "AlwaysEncrypted_WithKeyVault",
        "connectionString": "SERVER=XXXXXX.database.windows.net;Trusted_Connection=Yes;DATABASE=AlwaysEncrypted;ColumnEncryption=Enabled;KeyStoreAuthentication=KeyVaultPassword;KeyStorePrincipalId=USER.NAME@DOMAIN.com;KeyStoreSecret=PASSWORD"
    }
]
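Can anyone help me figure out how to set up the connection correctly so that encryption/decryption happens transparently when using VSCode?
A somewhat old question, but for anyone who ends up finding this too:
I managed to successfully establish a connection in VS Code SQL Server using the following settings in my settings.json mssql.connections array: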
{
    "server": "XXXX.serverhost.domain",
    "database": "XXXX",
    "authenticationType": "SqlLogin",
    "user": "XXXX",
    "password": "",
    "savePassword": true,
    "profileName": "XXXX",
    // specifically the settings below were the important ones
    "encrypt": true,
    "trustServerCertificate": true,
    "persistSecurityInfo": true
}
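Whether a given profile really returns decrypted values can be checked against the query result itself. The following is an added example, not part of the original question or answer: it tests each value of a JSON result like the one in the question for the Always Encrypted cell layout (version byte 0x01, 32-byte MAC, 16-byte IV, AES-CBC blocks). The function names and the sample rows are constructed for illustration.

```python
import re

# Always Encrypted cell layout (AEAD_AES_256_CBC_HMAC_SHA_256):
#   version byte 0x01 | 32-byte MAC | 16-byte IV | AES-CBC ciphertext
# The ciphertext part is a non-empty multiple of 16 bytes, so a cell is >= 65 bytes.
VERSION, MAC_LEN, IV_LEN, BLOCK = 0x01, 32, 16, 16
HEX_RE = re.compile(r"0x([0-9A-Fa-f]+)")


def parse_cell(value):
    """Return the cell's fields if value has the Always Encrypted layout, else None.

    This is a structural check only: an ordinary varbinary value that happens
    to have the same shape would also match.
    """
    if not isinstance(value, str):
        return None
    m = HEX_RE.fullmatch(value)
    if not m or len(m.group(1)) % 2:
        return None
    raw = bytes.fromhex(m.group(1))
    body_len = len(raw) - 1 - MAC_LEN - IV_LEN
    if raw[0] != VERSION or body_len < BLOCK or body_len % BLOCK:
        return None
    return {
        "mac": raw[1:1 + MAC_LEN].hex(),
        "iv": raw[1 + MAC_LEN:1 + MAC_LEN + IV_LEN].hex(),
        "ciphertext_blocks": body_len // BLOCK,
    }


def still_encrypted(rows):
    """Map column name -> number of rows whose value is still ciphertext."""
    hits = {}
    for row in rows:
        for col, val in row.items():
            if parse_cell(val):
                hits[col] = hits.get(col, 0) + 1
    return hits


# Constructed sample rows: one undecrypted cell, one decrypted, one short binary.
SAMPLE = [
    {"EmployeeNo": "FE00000001", "FirstName": "0x01" + "5A" * 64},
    {"EmployeeNo": "FE00000002", "FirstName": "Alice", "Photo": "0x0102"},
]

if __name__ == "__main__":
    print(still_encrypted(SAMPLE))
```

An empty result from `still_encrypted` on the saved JSON output means no column matched the ciphertext layout; any column listed is still being returned undecrypted.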