我正在尝试从macOS上的VSCode连接到使用始终加密机制来保护某些列的SQL Server数据库。主密钥存储在 Azure密钥库中。
使用Microsoft提供的always encrypted guide能够成功连接到数据库。
对于在我的mac上使用VSCode而不打开加密/解密的简单连接也是如此。我使用 mssql-extension 插件并在我能够查询数据的设置中提供必要的信息
设置
"mssql.connections": [
{
"server": "XXXXXXXX.database.windows.net",
"database": "AlwaysEncrypted",
"authenticationType": "SqlLogin",
"user": "XXXXX",
"password": "",
"emptyPasswordInput": false,
"savePassword": true,
"profileName": "AlwaysEncrypted"
}
]
查询
SELECT * FROM EmployeeDetails
结果
[
{
"EmployeeDetailsId": "1",
"EmployeeNo": "FE00000001",
"FirstName": "0x013EC8AB61767E1C3D934AB061BCA658B6948637812450C8245DCE4C447F59FD1D6252069A36A67E3477E1C5FB24D860E72FBCC65F98C92B92AB873CE55349672A",
"MiddleName": "0x015354526EC17EB1151AE918514E565507EDCB5691B4215C45798CA86EB11C47EECA579242926EDFE9F6543006177CBFC03E0F95CD0D8CAE6C941AE173AAF2B925",
"LastName": "0x0170B3FD2B0416E0607312FB2A67B0F42798EC1871FEAB90AB81235ADACDE1C4F5614099FA3B61E59FEB2D6AD599CB3A9FD031FE56F327F0C80F4BA963EE7E155A",
"DateOfBirth": "1985-08-12 00:00:00.000"
}
]
遵循两个指南
我确实尝试使用 mssql-extension 创建另一个连接并提供 ODBC连接字符串但最终在查询时未能获得解密数据(建立连接时)精细)。结果与上面发布的相同
带连接字符串的设置
"mssql.connections": [
{
"server": "XXXXXXXX.database.windows.net",
"database": "AlwaysEncrypted",
"authenticationType": "SqlLogin",
"user": "XXXXX",
"password": "",
"emptyPasswordInput": false,
"savePassword": true,
"profileName": "AlwaysEncrypted_WithKeyVault",
"connectionString": "SERVER=XXXXXX.database.windows.net;Trusted_Connection=Yes;DATABASE=AlwaysEncrypted;ColumnEncryption=Enabled;KeyStoreAuthentication=KeyVaultPassword;KeyStorePrincipalId=USER.NAME@DOMAIN.com;KeyStoreSecret=PASSWORD"
}
]
任何人都可以帮我弄清楚如何正确设置连接,以便在使用VSCode时加密/解密透明吗?