32 lines
1.3 KiB
Plaintext
32 lines
1.3 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Vault EKM provider for SQL Server
|
|
description: >-
|
|
The Vault EKM module for Microsoft SQL Server allows Vault to act as a provider for TDE.
|
|
---
|
|
|
|
# Vault EKM provider for SQL Server
|
|
|
|
-> **Note**: This feature requires [Vault Enterprise](https://www.hashicorp.com/products/vault/)
|
|
with the Advanced Data Protection Key Management module.
|
|
|
|
Microsoft SQL Server supports [Transparent Data Encryption][tde] (TDE). The
|
|
Database Encryption Keys (DEK) can be protected by asymmetric Key Encryption
|
|
Keys (KEK) managed by Vault's [Transit][transit] secret engine using SQL Server's
|
|
[Extensible Key Management][tde] (EKM).
|
|
|
|
[tde]: https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption?view=sql-server-ver15
|
|
[ekm]: https://docs.microsoft.com/sql/relational-databases/security/encryption/extensible-key-management-ekm?view=sql-server-ver15
|
|
[transit]: https://www.vaultproject.io/docs/secrets/transit
|
|
|
|
|
|
See [installation](/docs/platform/mssql/installation) and [configuration](/docs/platform/mssql/configuration)
|
|
for help getting started with the Vault EKM provider for SQL Server.
|
|
|
|
## Features
|
|
|
|
The following features are supported by the Vault EKM provider:
|
|
|
|
* Management of KEK with Transit secret engine using `rsa-2048` key cipher
|
|
* AppRole auth
|