Question
Natwest Group
IN
Last activity: 10 Jul 2019 4:11 EDT
Using the 'Always Encrypted' feature of Azure SQL server
The requirement is to connect to an Azure SQL database which has the 'Always Encrypted' feature on to encrypt a few columns in a table.
For this, we have created the database rule and are able to successfully connect to the database and fetch the data. However, the data is in encrypted form for the columns which were encrypted using the 'Always Encrypted' feature.
The DBA has shared the application ID and secret key after creating the Column Encryption Key and Column Master Key and registering them.
Now, going by the link -
It says that client applications need to instantiate the SQLServerColumnEncryptionAzureKeyVaultProvider and register it with the driver using the below code snippet:
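import java.util.HashMap;
import java.util.Map;
import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider;
import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider;
import com.microsoft.sqlserver.jdbc.SQLServerConnection;

// Credentials of the Azure AD application that is allowed to use the Column Master Key
String clientID = "<Azure Application ID>";
String clientKey = "<Azure Application API Key Password>";
SQLServerColumnEncryptionAzureKeyVaultProvider akvProvider = new SQLServerColumnEncryptionAzureKeyVaultProvider(clientID, clientKey);
Map<String, SQLServerColumnEncryptionKeyStoreProvider> keyStoreMap = new HashMap<String, SQLServerColumnEncryptionKeyStoreProvider>();
keyStoreMap.put(akvProvider.getName(), akvProvider);
SQLServerConnection.registerColumnEncryptionKeyStoreProviders(keyStoreMap);
String connectionUrl = "jdbc:sqlserver://<server>:<port>;databaseName=<databaseName>;user=<user>;password=<password>;columnEncryptionSetting=Enabled;";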
It also says:
"If you use the Azure Key Vault keystore provider, the Azure Key Vault implementation of the JDBC driver has dependencies on these libraries (from GitHub) which must be included with your application:
azure-sdk-for-java
azure-activedirectory-library-for-java libraries"
Questions:
1. I am not sure how the Pega application can be registered as mentioned in this document. Do the JDBC driver API methods handle that? Do we need to do any custom coding for this in Pega?
2. I am not sure how to include the dependent library files, and where. Has anybody done this before? Any help is appreciated. Thank you.
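
The registration step quoted in the question, as an added example that is not part of the original post and is not Pega or Microsoft code: it registers the provider once per JVM and reads the application ID and secret from the environment instead of hardcoding them in source. The environment variable names (AKV_CLIENT_ID, AKV_CLIENT_SECRET, SQL_URL) and the table and column names (dbo.Patients, SSN, PatientId) are hypothetical; the JDBC driver and the two Azure libraries named in the quote are assumed to be on the classpath.

```java
import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider;
import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider;
import com.microsoft.sqlserver.jdbc.SQLServerConnection;
import java.sql.*;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;

public final class AkvProviderBootstrap {
    private static final AtomicBoolean REGISTERED = new AtomicBoolean(false);

    // Fail fast with a clear message instead of passing null credentials to the driver.
    private static String requireEnv(String name) {
        String value = System.getenv(name); // hypothetical variable names, see lead-in
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }

    // The register call is static on the driver class, so run it once per JVM at startup.
    public static void registerOnce() throws SQLException {
        if (!REGISTERED.compareAndSet(false, true)) {
            return; // already registered in this JVM
        }
        try {
            SQLServerColumnEncryptionAzureKeyVaultProvider akv =
                new SQLServerColumnEncryptionAzureKeyVaultProvider(
                    requireEnv("AKV_CLIENT_ID"), requireEnv("AKV_CLIENT_SECRET"));
            Map<String, SQLServerColumnEncryptionKeyStoreProvider> providers = new HashMap<>();
            providers.put(akv.getName(), akv);
            SQLServerConnection.registerColumnEncryptionKeyStoreProviders(providers);
        } catch (SQLException | RuntimeException e) {
            REGISTERED.set(false); // allow a retry after the configuration is fixed
            throw e;
        }
    }

    public static void main(String[] args) throws SQLException {
        registerOnce();
        // SQL_URL must contain columnEncryptionSetting=Enabled, as in the snippet in the question.
        String sql = "SELECT SSN FROM dbo.Patients WHERE PatientId = ?"; // hypothetical schema
        try (Connection con = DriverManager.getConnection(requireEnv("SQL_URL"));
             PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setInt(1, 1);
            try (ResultSet rs = ps.executeQuery()) {
                // Report only whether a value came back; do not log the decrypted column.
                while (rs.next()) System.out.println(rs.getString(1) != null ? "value returned" : "NULL");
            }
        }
    }
}
```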