This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 74%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDC%3C/text%3E%3C/svg%3E)
Our database has triggers to insert records into separate audit tables that contain the same columns as the base table. If we are encrypting some of the columns on the base table then I assume that the corresponding audit table will have to have those same columns encrypted. Is this correct?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 78%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECZ%3C/text%3E%3C/svg%3E)
Hi @David Chase ,
Is there any update on this case?
At a minimum you need to encrypt the audit columns with the same key and in the same way (Randomized or deterministic.) I am not fully sure that it will work, but I am short on time, and I don't have the time to test. But if things are not set up correctly, you will get an error when you insert, or when you create the trigger.
(Ben, since I have been answering several of David's questions recently, I know that he is looking at Always Encrypted.)
My separate post is titled "decrypt error". This is where we are trying to resolve the synching of the master and column keys and what login we should use to create them.
Yes, I am on that thread.
Depending on the type of encryption, but I would say yes as if they are unencrypted in the audit table 1) you have to do a decent amount of plumbing to get it unencrypted just for audit, and 2) you probably invalidate an audit since the purpose of encrypting the data is to not have compromise, so if audit has them unencrypted, then that would be a target to get the unencrypted data.