Events
Mar 31, 11 PM - Apr 2, 11 PM
The biggest SQL, Fabric and Power BI learning event. March 31 – April 2. Use code FABINSIDER to save $400.
Register todayThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Applies to:
SQL Server
Azure SQL Database
Azure SQL Managed Instance
SQL database in Microsoft Fabric
Encryption is the process of obfuscating data by the use of a key or password. This process can make the data useless without the corresponding decryption key or password. Encryption doesn't solve access control problems. However, it enhances security by limiting data loss even if access controls are bypassed. For example, if the database host computer is misconfigured and a hacker obtains sensitive data, that stolen information might be useless if it's encrypted.
Although encryption is a valuable tool to help ensure security, it shouldn't be considered for all data or connections. When you're deciding whether to implement encryption, consider how users access data. If users access data over a public network, data encryption might be required to increase security. However, if all access involves a secure intranet configuration, encryption might not be required. Any use of encryption should also include a maintenance strategy for passwords, keys, and certificates.
Note
The latest information about Transport Level Security (TLS 1.2) is available at TLS 1.2 support for Microsoft SQL Server. For more information about TLS 1.3, see TLS 1.3 support.
You can use encryption in SQL Server for connections, data, and stored procedures. The following articles contain more information about encryption in SQL Server.
Information about the encryption hierarchy in SQL Server.
Choose an encryption algorithm
Information about how to select an effective encrypting algorithm.
Transparent data encryption (TDE)
General information about how to encrypt data at rest.
SQL Server and Database Encryption Keys (Database Engine)
In SQL Server, encryption keys include a combination of public, private, and symmetric keys that are used to protect sensitive data. This section explains how to implement and manage encryption keys.
Ensure on-premises database administrators, cloud database operators, or other high-privileged, but unauthorized users, can't access the encrypted data. Expand Always Encrypted with Always Encrypted with secure enclaves to enable in-place encryption and richer confidential queries.
Limit sensitive data exposure by masking it to nonprivileged users.
SQL Server Certificates and Asymmetric Keys
Information about using Public Key Cryptography.
Events
Mar 31, 11 PM - Apr 2, 11 PM
The biggest SQL, Fabric and Power BI learning event. March 31 – April 2. Use code FABINSIDER to save $400.
Register todayTraining
Certification
Microsoft Certified: Azure Database Administrator Associate - Certifications
Administer an SQL Server database infrastructure for cloud, on-premises and hybrid relational databases using the Microsoft PaaS relational database offerings.
Documentation
Encryption hierarchy - SQL Server
Learn about the hierarchical encryption and key management infrastructure in SQL Server. Store keys in an Extensible Key Management module.
SQL Server & database encryption keys - SQL Server
Learn about the service master key and database master key used by the SQL Server database engine to encrypt and secure data.
Transparent data encryption (TDE) - SQL Server
Learn about transparent data encryption, which encrypts SQL Server, Azure SQL Database, and Azure Synapse Analytics data, known as encrypting data at rest.