Azure key vault - TDE

Asharaf Ali 61 Reputation points
2022-07-12T18:04:09.957+00:00

Hi Team,

I am trying to enable TDE on SQL Server on an Azure VM; at the asymmetric key creation step it fails with the following error.

Msg 33028, Level 16, State 1, Line 29
Cannot open session for cryptographic provider 'AzureKeyVault_EKM_Prov'. Provider error code: 3110. (Provider Error - No explanation is available, consult EKM Provider for details)

Windows event log:
Vault Name: keyvaultsql01.vault.azure.net Operation: acquireToken Key Name: Message: [error:110, info:400, state:0] The request is invalid. This usually means the key name is invalid or contains invalid characters.

What I have done so far:
In the Azure portal:

  1. Created Azure Key Vault
  2. Application registered
  3. Key added to application
  4. Added policy
  5. Key added in Key Vault

On the SQL Server VM:

  1. SQL Server connector installed
  2. Cryptographic provider created
  3. Credential created
  4. Login created (sysadmin) and mapped credential

Then I tried to create the asymmetric key, and it failed with the above-mentioned error. Do I need to add specific access rights for accessing the Key Vault? Is there anything I missed? Note that I did not install Azure PowerShell on the VM; is it really required?

Thanks,
Ashu


Accepted answer
Oury Ba-MSFT 18,606 Reputation points Microsoft Employee
2022-07-13T00:10:01.517+00:00

@Asharaf Ali

To enable TDE using EKM:

  1. Copy the files supplied by the EKM provider to an appropriate location on the SQL Server computer. In this example, we use the C:\EKM_Files folder.
  2. Install certificates to the computer as required by your EKM provider.
  3. In Object Explorer, connect to an instance of Database Engine.
  4. On the Standard bar, click New Query.
  5. Copy and paste the following example into the query window and click Execute.

[image: 243094-image.png]

Reference: Enable TDE on SQL Server Using EKM

Regards,
Oury
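The T-SQL behind the image in the accepted answer is not reproduced on the page, so the following is an added example (not the poster's or Microsoft's code) of the full sequence the question lists, from registering the provider through turning encryption on, with a verification query at the end. The vault name keyvaultsql01 is taken from the question's event log; the DLL path is the connector's default install location, and the login, vault key name, database name, client ID and secret are placeholders.

```sql
-- Register the Azure Key Vault connector DLL as an EKM provider.
CREATE CRYPTOGRAPHIC PROVIDER AzureKeyVault_EKM_Prov
FROM FILE = 'C:\Program Files\Microsoft SQL Server Connector for Microsoft Azure Key Vault\Microsoft.AzureKeyVaultService.EKM.dll';
GO
-- Credential the sysadmin uses to reach the vault.
-- IDENTITY: for global Azure this is the vault NAME (keyvaultsql01), not its
--           DNS name; sovereign clouds take the full vault URL instead.
-- SECRET:   application (client) ID with hyphens removed, immediately followed
--           by the client secret. Placeholder values below.
CREATE CREDENTIAL sysadmin_ekm_cred
    WITH IDENTITY = 'keyvaultsql01',
    SECRET = '<application-id-without-hyphens><client-secret>'
FOR CRYPTOGRAPHIC PROVIDER AzureKeyVault_EKM_Prov;
-- Map the credential to the sysadmin login that will create the key.
ALTER LOGIN [DOMAIN\sqladmin] ADD CREDENTIAL sysadmin_ekm_cred;   -- placeholder login
GO
-- Open the RSA key that already exists in the vault (added in the portal).
-- PROVIDER_KEY_NAME must match the Key Vault key name exactly.
CREATE ASYMMETRIC KEY TDE_KEK_keyvault
FROM PROVIDER [AzureKeyVault_EKM_Prov]
WITH PROVIDER_KEY_NAME = 'sqltdekey01',        -- placeholder vault key name
     CREATION_DISPOSITION = OPEN_EXISTING;
GO
-- Separate credential and login for the Database Engine itself, used at
-- startup when it must unwrap the DEK (do not reuse the sysadmin's login).
CREATE CREDENTIAL tde_ekm_cred
    WITH IDENTITY = 'keyvaultsql01',
    SECRET = '<application-id-without-hyphens><client-secret>'
FOR CRYPTOGRAPHIC PROVIDER AzureKeyVault_EKM_Prov;
CREATE LOGIN TDE_Login FROM ASYMMETRIC KEY TDE_KEK_keyvault;
ALTER LOGIN TDE_Login ADD CREDENTIAL tde_ekm_cred;
GO
-- Create the DEK protected by the vault-held key and turn encryption on.
USE AppDb;   -- placeholder database
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER ASYMMETRIC KEY TDE_KEK_keyvault;
ALTER DATABASE AppDb SET ENCRYPTION ON;
GO
-- Verify: the provider is registered and enabled, and the database reaches
-- encryption_state = 3 (encrypted) with encryptor_type = ASYMMETRIC KEY.
SELECT name, version, is_enabled FROM sys.cryptographic_providers;
SELECT DB_NAME(database_id) AS db, encryption_state, encryptor_type
FROM sys.dm_database_encryption_keys;
```

If the CREATE ASYMMETRIC KEY step fails, the two values to re-check against the vault are the IDENTITY form and the exact PROVIDER_KEY_NAME, since both are sent to Key Vault as-is.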

