| title | Security Limitations for SQL Server on Linux | |
|---|---|---|
| description | Learn about SQL Server on Linux restrictions, including how using keys stored in Azure Key Vault and extensible Key Management aren't supported. | |
| author | rwestMSFT | |
| ms.author | randolphwest | |
| ms.date | 02/20/2025 | |
| ms.service | sql | |
| ms.subservice | linux | |
| ms.topic | conceptual | |
| ms.custom |
|
[!INCLUDE SQL Server - Linux]
[!INCLUDE ssnoversion-md] on Linux currently has the following limitations:
- A standard password policy is provided.
MUST_CHANGEis the only option you might configure. TheCHECK_POLICYoption isn't supported. - Extensible Key Management isn't supported in [!INCLUDE sssql22-md] CU 11 and earlier versions. Extensible Key Management is only supported through Azure Key Vault (AKV).
- [!INCLUDE ssnoversion-md] authentication mode can't be disabled.
- Password expiration is hard-coded to 90 days if you use [!INCLUDE ssnoversion-md] authentication.
- Using keys stored in the Azure Key Vault isn't supported in [!INCLUDE sssql22-md] CU 11 and earlier versions.
- [!INCLUDE ssnoversion-md] generates its own self-signed certificate for encrypting connections. [!INCLUDE ssnoversion-md] can be configured to use a user provided certificate for TLS.
Note
If you don't plan to connect your [!INCLUDE ssnoversion-md] containers to Windows Active Directory, the password expiration is hard-coded to 90 days, if you use [!INCLUDE ssnoversion-md] authentication only. To work around this issue, consider changing the CHECK_EXPIRATION policy.
For more information about security features available in [!INCLUDE ssnoversion-md], see the Security for SQL Server Database Engine and Azure SQL Database.
[!INCLUDE connect-with-sa]