MilanPatra Member since 2013 7 posts
Capgemini
Posted: July 3, 2019
Last activity: July 10, 2019
Closed

Using the 'Always Encrypted' feature of Azure SQL server

The requirement is to connect to an Azure SQL database which has the 'Always Encrypted' feature turned on to encrypt a few columns in a table.

For this, we have created the database rule and are able to successfully connect to the database and fetch the data. However, the data is in encrypted form for the columns which were encrypted using the 'Always Encrypted' feature.

The DBA has shared the application ID and secret key after creating the column encryption key and column master key and registering them.

Now, going by the link -

https://docs.microsoft.com/en-us/sql/connect/jdbc/using-always-encrypted-with-the-jdbc-driver?view=sql-server-2017

It says that client applications need to instantiate the SQLServerColumnEncryptionAzureKeyVaultProvider and register it with the driver using the below code snippet:

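import java.util.HashMap;
import java.util.Map;
import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider;
import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider;
import com.microsoft.sqlserver.jdbc.SQLServerConnection;
// Create the Azure Key Vault provider and register it with the driver before opening connections.
String clientID = "<Azure Application ID>";
String clientKey = "<Azure Application API Key Password>";
SQLServerColumnEncryptionAzureKeyVaultProvider akvProvider = new SQLServerColumnEncryptionAzureKeyVaultProvider(clientID, clientKey);
Map<String, SQLServerColumnEncryptionKeyStoreProvider> keyStoreMap = new HashMap<String, SQLServerColumnEncryptionKeyStoreProvider>();
keyStoreMap.put(akvProvider.getName(), akvProvider);
SQLServerConnection.registerColumnEncryptionKeyStoreProviders(keyStoreMap);
// columnEncryptionSetting=Enabled makes the driver decrypt Always Encrypted columns on this connection.
String connectionUrl = "jdbc:sqlserver://<server>:<port>;databaseName=<databaseName>;user=<user>;password=<password>;columnEncryptionSetting=Enabled;";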

It also says:

"If you use the Azure Key Vault keystore provider, the Azure Key Vault implementation of the JDBC driver has dependencies on these libraries (from GitHub) which must be included with your application:

azure-sdk-for-java

azure-activedirectory-library-for-java libraries"

Questions:

1. I am not sure how the Pega application can be registered as mentioned in this document. Do the JDBC driver API methods handle that? Do we need to do any custom coding for this in Pega?

2. Not sure how to include the dependent library files, and where. Has anybody done this before? Any help is appreciated. Thank you.

Data Integration Security
Moderation Team has archived post
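
A startup helper for the registration step quoted in the question, as an added example that is not part of the original post or the Microsoft documentation. It reads the Key Vault client secret and database credentials from environment variables instead of source literals and guards the registration call, because the driver rejects a second registration of custom key store providers. The class name and the AKV_* and DB_* variable names are assumptions; the driver jar and its Azure Key Vault dependencies are assumed to be on the classpath.

```java
import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider;
import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider;
import com.microsoft.sqlserver.jdbc.SQLServerConnection;
import com.microsoft.sqlserver.jdbc.SQLServerException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

// Hypothetical helper class; the AKV_* and DB_* variable names are assumptions.
public final class AkvProviderBootstrap {
    private static boolean registered = false;

    private AkvProviderBootstrap() {}

    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }

    // The driver rejects a second registration of custom key store providers,
    // so guard the call and run it before the first connection is opened.
    public static synchronized void registerOnce() throws SQLServerException {
        if (registered) {
            return;
        }
        SQLServerColumnEncryptionAzureKeyVaultProvider akvProvider =
                new SQLServerColumnEncryptionAzureKeyVaultProvider(
                        requireEnv("AKV_CLIENT_ID"), requireEnv("AKV_CLIENT_SECRET"));
        Map<String, SQLServerColumnEncryptionKeyStoreProvider> keyStoreMap = new HashMap<>();
        keyStoreMap.put(akvProvider.getName(), akvProvider);
        SQLServerConnection.registerColumnEncryptionKeyStoreProviders(keyStoreMap);
        registered = true;
    }

    // Credentials go in Properties rather than the URL so they stay out of logged URLs.
    public static Connection open(String server, int port, String database) throws SQLException {
        registerOnce();
        Properties props = new Properties();
        props.setProperty("user", requireEnv("DB_USER"));
        props.setProperty("password", requireEnv("DB_PASSWORD"));
        String url = "jdbc:sqlserver://" + server + ":" + port + ";databaseName=" + database
                + ";columnEncryptionSetting=Enabled;";
        return DriverManager.getConnection(url, props);
    }
}
```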