Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

Release Notes
Administration

All

All

Administration

Administration
Quick Start
Installing CAKM for Microsoft SQL Server EKM Provider
Configuring Provider and EKM Logs
Tasks
- Configuring Properties File
- Creating Keys
- Upgrading CAKM for Microsoft SQL Server EKM Provider
- Key Rotations
- Using CAKM for Microsoft SQL Server EKM Provider
- Using EKM Provider with Multiple SQL Instances
- Using CAKM for Microsoft SQL Server EKM Provider with Database Backup Encryption
- Using CAKM for Microsoft SQL Server EKM Provider with Transparent Database Encryption
- Uninstalling CAKM for Microsoft SQL Server EKM Provider
- Integrating CAKM for Microsoft SQL Server EKM with SQL Server High Availability (Always ON) Groups
- Creating Asymmetric Key with Key Version Enabled
- Migration from SQL EKM to CAKM MSSQL EKM Provider
- Restoring Encrypted TDE Database Backups
Advanced Topics
- Setting up SSL/TLS
- Securing Passphrase
- Resolving Fully Qualified Domain Name (FQDN) or Hostname
- Communication between CAKM for Microsoft SQL Server EKM and CipherTrust Manager
- Error Messages
- Key Caching
Appendix

CAKM for MSSQL EKM
Administration

Administration

CAKM for Microsoft SQL Server EKM provides data encryption capabilities via Microsoft SQL Server Extensible Key Management (EKM).

It allows the users to perform Transparent Data Encryption (TDE) and cell level encryption, using the CipherTrust Manager as an external Key Manager.

The advantages of using the CipherTrust Manager are as follows:

Additional security is provided by separation of administrative access. For example, the system can be set up so that CipherTrust Application Data Protection Security Administrator can access only the keys, and the database administrator can access only the database.
Helps achieve PCI security standards.
Centralized storage and management of encryption keys.

Supported Product Versions

Microsoft SQL Server

MSSQL Server 2012
MSSQL Server 2014
MSSQL Server 2016
MSSQL Server 2017
MSSQL Server 2019

CipherTrust Manager

CipherTrust Manager 2.3.0 and higher

Note

Migration from VKM to CAKM for Microsoft SQL Server EKM provider is supported from CipherTrust Manager 2.5.2 and higher.

Supported Algorithms and Key Size

Refer Supported Algorithms and Key Size

Note

To upgrade from SafeNet MSSQL EKM provider to CAKM for Microsoft SQL Server EKM Provider, refer Upgrading CAKM for Microsoft SQL Server EKM Provider.
To migrate from Vormetric Key Management (VKM) to CAKM for Microsoft SQL Server EKM Provider, refer VKM to Microsoft EKM.

On this page

CAKM for MSSQL EKM

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Support Contacts
- Text Conventions
Legal

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com