HashiTalks 2025 Learn about unique use cases, homelab setups, and best practices at scale at our 24-hour virtual knowledge sharing event. Register
Vault
Vault Home

You are viewing documentation for version v1.9.x. View latest version.

Vault EKM provider for SQL Server

Note: This feature requires Vault Enterprise with the Advanced Data Protection Key Management module.

Microsoft SQL Server supports Transparent Data Encryption (TDE). The Database Encryption Keys (DEK) can be protected by asymmetric Key Encryption Keys (KEK) managed by Vault's Transit secret engine using SQL Server's Extensible Key Management (EKM).

See installation for help getting started with the Vault EKM provider for SQL Server.

Features

The following features are supported by the Vault EKM provider:

  • Management of KEK with Transit secret engine using rsa-2048 key cipher
  • AppRole auth