Azure Keyvault EKM with FCI cluster
Hi.
We have a SQL FCI cluster and would like to implement Extensible Key Management Using Azure Key Vault for backup encryption.
I have made all configurations according to the guide (https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/setup-steps-for-extensible-key-management-using-the-azure-key-vault?view=sql-server-ver15&tabs=portal) and everything looked good. I have successfully tested backup and restore. But when I move the cluster to a secondary node I can't do any backups or restores and receive an error:
Msg 15209, Level 16, State 24, Line 3
An error occurred during encryption.
Msg 3013, Level 16, State 1, Line 3
BACKUP DATABASE is terminating abnormally.
After several hours I was identified that Azure EKM wrote some information into [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQL Server Cryptographic Provider] registry key and of course these settings not migrating between cluster nodes.
When I import this setting on the secondary node all my backup jobs started working.
Is it possible to automatically synchronize these settings between nodes or store this information in master DB or other clustered DB?