| title | SQL Server Encryption | Microsoft Docs | |||
|---|---|---|---|---|
| description | Use these resources to understand how SQL Server uses encryption to enhance security for your databases. | |||
| ms.custom | ||||
| ms.date | 05/15/2017 | |||
| ms.service | sql | |||
| ms.reviewer | vanto | |||
| ms.subservice | security | |||
| ms.topic | conceptual | |||
| ms.assetid | ead0150e-4943-4ad5-84c8-36f85c7278f4 | |||
| author | jaszymas | |||
| ms.author | jaszymas | |||
| monikerRange | =azuresqldb-current||>=sql-server-2016||>=sql-server-linux-2017||=azuresqldb-mi-current |
Applies to: SQL Server, Azure SQL Database, Azure SQL Managed Instance
Encryption is the process of obfuscating data by the use of a key or password. This can make the data useless without the corresponding decryption key or password. Encryption does not solve access control problems. However, it enhances security by limiting data loss even if access controls are bypassed. For example, if the database host computer is misconfigured and a hacker obtains sensitive data, that stolen information might be useless if it is encrypted.
Important
Although encryption is a valuable tool to help ensure security, it should not be considered for all data or connections. When you are deciding whether to implement encryption, consider how users will access data. If users access data over a public network, data encryption might be required to increase security. However, if all access involves a secure intranet configuration, encryption might not be required. Any use of encryption should also include a maintenance strategy for passwords, keys, and certificates.
Note
The latest information about Transport Layer Security (TLS 1.2) is available at TLS 1.2 support for Microsoft SQL Server.
You can use encryption in SQL Server for connections, data, and stored procedures. The following topics contain more information about encryption in SQL Server.
Encryption Hierarchy
Information about the encryption hierarchy in SQL Server.
Choose an Encryption Algorithm
Information about how to select an effective encrypting algorithm.
Transparent Data Encryption (TDE)
General information about how to encrypt data transparently.
SQL Server and Database Encryption Keys (Database Engine)
In SQL Server, encryption keys include a combination of public, private, and symmetric keys that are used to protect sensitive data. This section explains how to implement and manage encryption keys.
Always Encrypted (Database Engine)
Ensuring that on-premises database administrators, cloud database operators, or other high-privileged but unauthorized users cannot access the encrypted data.
Dynamic Data Masking
Limiting sensitive data exposure by masking it to non-privileged users.
SQL Server Certificates and Asymmetric Keys
Information about using Public Key Cryptography.
Securing SQL Server
Overview of how to help secure the SQL Server platform, and how to work with users and securable objects.
An overview of Azure SQL Database security capabilities
Overview of Azure SQL Database security for protecting data, controlling access, and proactive monitoring.
Cryptographic Functions (Transact-SQL)
Information about how to implement cryptographic functions.
ENCRYPTBYPASSPHRASE (Transact-SQL)
Information about how to use a password to encrypt data.
ENCRYPTBYKEY (Transact-SQL)
Information about how to use a symmetric key to encrypt data.
ENCRYPTBYASYMKEY (Transact-SQL)
Information about how to use an asymmetric key to encrypt data.
ENCRYPTBYCERT (Transact-SQL)
Information about how to use a certificate to encrypt data.
Microsoft TechNet: SQL Server TechCenter: SQL Server 2012 Security and Protection
Current information about SQL Server security.
sys.key_encryptions (Transact-SQL)
SQL Server and Database Encryption Keys (Database Engine)
Back Up and Restore Reporting Services Encryption Keys
Enable Encrypted Connections to the Database Engine