Lokasi ngalangkungan proxy:   [ UP ]  
[Ngawartoskeun bug]   [Panyetelan cookie]                
Skip to content

Commit bdbb2a1

Browse files
v-albemiv-albemi
authored
Merge pull request #19382 from David-Engel/patch-1
Add note about M-HSM
2 parents 4d5d037 + 4f80f63 commit bdbb2a1

1 file changed

Lines changed: 4 additions & 1 deletion

File tree

docs/connect/odbc/using-always-encrypted-with-the-odbc-driver.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
title: Using Always Encrypted
33
description: Learn how to develop ODBC applications using Always Encrypted and the Microsoft ODBC Driver for SQL Server.
44
ms.custom: ""
5-
ms.date: 05/14/2021
5+
ms.date: 05/19/2021
66
ms.prod: sql
77
ms.technology: connectivity
88
ms.topic: conceptual
@@ -507,6 +507,9 @@ No other ODBC application changes are required to use AKV for CMK storage.
507507
> [!NOTE]
508508
> The driver contains a list of AKV endpoints which it trusts. Starting with driver version 17.5.2, this list is configurable: set the `AKVTrustedEndpoints` property in the driver or DSN's ODBCINST.INI or ODBC.INI registry key (Windows) or `odbcinst.ini` or `odbc.ini` file section (Linux/macOS) to a semicolon-delimited list. Setting it in the DSN takes precedence over a setting in the driver. If the value begins with a semicolon, it extends the default list; otherwise, it replaces the default list. The default list (as of 17.5) is `vault.azure.net;vault.azure.cn;vault.usgovcloudapi.net;vault.microsoftazure.de`. Starting with 17.7, the list also includes `managedhsm.azure.net;managedhsm.azure.cn;managedhsm.usgovcloudapi.net;managedhsm.microsoftazure.de`.
509509
510+
> [!NOTE]
511+
> The Azure Key Vault provider built in to the ODBC driver supports both [Vaults and Managed HSMs in Azure Key Vault](/azure/key-vault/keys/about-keys).
512+
510513
### Using the Windows Certificate Store provider
511514

512515
The ODBC Driver for SQL Server on Windows includes a built-in column master key store provider for the Windows Certificate Store, named `MSSQL_CERTIFICATE_STORE`. (This provider isn't available on macOS or Linux.) With this provider, the CMK is stored locally on the client machine and no extra configuration by the application is necessary to use it with the driver. However, the application must have access to the certificate and its private key in the store. For more information, see [Create and Store Column Master Keys (Always Encrypted)](../../relational-databases/security/encryption/create-and-store-column-master-keys-always-encrypted.md).

0 commit comments

Comments
 (0)