Administration

CAKM for Microsoft SQL Server EKM provides data encryption capabilities through Microsoft SQL Server Extensible Key Management (EKM).

It allows the users to perform Transparent Data Encryption (TDE) and cell level encryption, using the CipherTrust Manager as an external Key Manager.

The advantages of using the CipherTrust Manager are as follows:

• Additional security is provided by the separation of administrative access. For example, the system can be set up so that CipherTrust Application Data Protection Security Administrator can access only the keys, and the database administrator can access only the database.

• Helps achieve PCI security standards.

• Centralized storage and management of encryption keys.

Prerequisites

• Ensure that you have Microsoft Visual C++ 2015-2022 Redistributable Package installed in your machine.

Supported Product Versions

Microsoft SQL Server

• MSSQL Server 2022

• MSSQL Server 2019

• MSSQL Server 2017

• MSSQL Server 2016

Supported CipherTrust Manager

• CipherTrust Manager 2.3.0 and higher

Supported Algorithms and Key Size

Refer Supported Algorithms and Key Size

Support for LDAP users

CAKM for MSSQL EKM connector supports the LDAP users.

To create a credential with Microsoft SQL Server using LDAP users, execute the following query:

CREATE CREDENTIAL <Credential Name> WITH IDENTITY='LDAP Connection name|LDAP user',
SECRET='LDAP Password'
FOR CRYPTOGRAPHIC PROVIDER <Provider Name>

CAKM for MSSQL EKM connector supports the LDAP users with Sub-Domain.

To create a credential using LDAP users with sub-domain, execute the following query:

CREATE CREDENTIAL <Credential Name> WITH IDENTITY='Sub-Domain|LDAP Connection name|LDAP user',
SECRET='LDAP Password'
FOR CRYPTOGRAPHIC PROVIDER <Provider Name>