问题
I'm trying to setup a new Always Encrypted database using Azure Key Vault (I have previously had this working). In the SSMS Always Encrypted Wizard I can select the table and column to encrypt but I have a problem after selecting "Azure Key Vault" as the key store provider. I login and the window briefly pops up the dropdown that correctly lists my Key Vault in Azure but then it immediately goes away and has a warning triangle with the word "Purge" next to it and a "Try Again" button.
Clicking "Details" shows:
Any ideas what this means and how to get the wizard to complete?
I have tried this on 2 different installations of SQL 2016 with same result and using SSMS from different machines.
I know it says "We experienced issues in connecting to Azure" but since it is logging in and listing (briefly) my key vault what could the connection issue be?
Thanks.
Portion of details
===================================
We experienced issues in connecting to Azure (We experienced issues in connecting to Azure)
===================================
Purge (Microsoft.SqlServer.Management.ServiceManagement)
Program Location:
at Microsoft.SqlServer.Management.ServiceManagement.ResourceManagement.AzureKeyVaultKeyPermissionEnumConverter.ReadJson(JsonReader reader, Type objectType, Object existingValue, JsonSerializer serializer) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.DeserializeConvertable(JsonConverter converter, JsonReader reader, Type objectType, Object existingValue) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateList(IList list, JsonReader reader, JsonArrayContract contract, JsonProperty containerProperty, String id) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateList(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, Object existingValue, String id)
Adding SSMS Version details here: Microsoft SQL Server Management Studio 13.0.16106.4 Microsoft Analysis Services Client Tools 13.0.1700.441 Microsoft Data Access Components (MDAC) 10.0.15063.0 Microsoft MSXML 3.0 4.0 6.0 Microsoft Internet Explorer 9.11.15063.0 Microsoft .NET Framework 4.0.30319.42000 Operating System 6.3.15063
回答1:
I was able workaround this by creating the KEY in the vault, scripting out the CREATE COLUMN MASTER KEY referencing the key's full version ID from the vault, creating a COLUMN ENCRYPTION KEY using the UI then use the Always Encrypted wizard to encrypt the designated columns with the appropriate keys.
来源:https://stackoverflow.com/questions/44657625/always-encrypted-with-azure-key-vault-ssms-purge-error