MS SQL Audit / Query Logging

HY 21 Reputation points
2020-10-23T04:08:39.493+00:00

Does MSSQL Server 2016 audit logging stores password in clear when I have enter an SQL query that is with the secret/password? Kindly advise.

An example of the sql query:

Create credential XYZuser with identity=’abcdefgh’, secret=’password’

After I run the query, is the secret/password stored in clear in the logs?

Thanks & Regards

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,232 questions
0 comments No comments
{count} votes

Accepted answer
  1. AmeliaGu-MSFT 13,956 Reputation points Microsoft Vendor
    2020-10-23T06:47:11.173+00:00

    Hi @HY ,
    Please don’t worry about that. SQL Server audit log will not record password clearly.
    Please see this example:
    34525-1.jpg
    Best Regards,
    Amelia


    If the answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. tibor_karaszi@hotmail.com 4,301 Reputation points
    2020-10-23T06:41:25.527+00:00

    No, it doesn't expose passwords in traces or audits. Below is an example from a server audit, where I created a credential:

    SECRET = N'******'

    As you see, it show a number of asterisks instead of the passwords.

    0 comments No comments

  2. HY 21 Reputation points
    2020-10-23T06:49:18.703+00:00

    Thanks All for the answers.

    0 comments No comments