| title | sp_enclave_send_keys (Transact-SQL) | Microsoft Docs | ||||
|---|---|---|---|---|---|
| ms.custom | |||||
| ms.date | 10/19/2019 | ||||
| ms.prod | sql | ||||
| ms.prod_service | database-engine, sql-database | ||||
| ms.reviewer | vanto | ||||
| ms.suite | sql | ||||
| ms.technology | system-objects | ||||
| ms.tgt_pltfrm | |||||
| ms.topic | language-reference | ||||
| f1_keywords |
|
||||
| helpviewer_keywords |
|
||||
| author | jaszymas | ||||
| ms.author | jaszymas | ||||
| monikerRange | >= sql-server-ver15 || = sqlallproducts-allversions |
[!INCLUDE tsql-appliesto-ssver15-xxxx-xxxx-xxx-winonly]
Sends columns encryption keys, defined in the database, to the server-side secure enclave used with Always Encrypted with secure enclaves.
sp_enclave_send_keys only sends only the keys that are enclave-enabled and encrypt columns that use randomized encryption and have indexes. For a regular user query, a client driver provides the enclave with the keys needed for computations in the query. sp_enclave_send_keys sends all column encryption keys defined in the database and used for indexes encrypted columns.
sp_enclave_send_keys provides an easy way to send keys to the enclave and populate the column encryption key cache for subsequent indexing operations. Use sp_enclave_send_keys to enable:
- A DBA to rebuild or alter indexes or statistics on encrypted database columns, if the DBA does not have access to the column master key(s). See Invoke indexing operations using cached column encryption keys.
- [!INCLUDE ssnoversion-md] to complete the recovery of indexes on encrypted columns. See Database Recovery.
- An application using .NET Framework Data Provider for SQL Server to bulk load data to encrypted columns.
To successfully invoke sp_enclave_send_keys, you need to connect to the database with Always Encrypted and enclave computations enabled for the database connection. You also need to have access to column master keys, protecting the column encryption keys, you are going to send, and you need permissions to access Always Encrypted key metadata in the database.
sp_enclave_send_keys
[ ;]
This stored procedure has no arguments.
This stored procedure has no return value.
This stored procedure has no result sets.
Require the VIEW ANY COLUMN ENCRYPTION KEY DEFINITION and VIEW ANY COLUMN MASTER KEY DEFINITION permissions in the database.
EXEC sp_enclave_send_keys;