From bd60c01863213fcc06e3b8c0c4b80bae363aef39 Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Tue, 22 Oct 2019 14:57:59 -0700 Subject: [PATCH] Update AKV Provider dependencies and packaging details (#282) --- buildAddons.cmd | 2 +- doc/samples/AzureKeyVaultProviderExample.cs | 2 ++ ...waysEncrypted.AzureKeyVaultProvider.csproj | 8 +++--- ...qlColumnEncryptionAzureKeyVaultProvider.cs | 23 ++++++++++++++-- ...waysEncrypted.AzureKeyVaultProvider.nuspec | 27 ++++++++++++------- 5 files changed, 46 insertions(+), 16 deletions(-) diff --git a/buildAddons.cmd b/buildAddons.cmd index cc3f1d342c..e958ed14cb 100644 --- a/buildAddons.cmd +++ b/buildAddons.cmd @@ -1,5 +1,5 @@ call :pauseOnError msbuild /p:configuration=Release /t:clean -call :pauseOnError msbuild /p:configuration=Release /t:BuildAll +call :pauseOnError msbuild /p:configuration=Release /t:BuildAllConfigurations call :pauseOnError msbuild /p:configuration=Release /t:BuildAKVNetFx call :pauseOnError msbuild /p:configuration=Release /t:BuildAKVNetCoreAllOS call :pauseOnError msbuild /p:configuration=Release /t:GenerateAKVProviderNugetPackage diff --git a/doc/samples/AzureKeyVaultProviderExample.cs b/doc/samples/AzureKeyVaultProviderExample.cs index e21149914a..d63aef24f8 100644 --- a/doc/samples/AzureKeyVaultProviderExample.cs +++ b/doc/samples/AzureKeyVaultProviderExample.cs @@ -2,6 +2,7 @@ using System.Collections.Generic; using System.Security.Cryptography; using System.Threading.Tasks; +// using Microsoft.Data.SqlClient; using Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider; using Microsoft.IdentityModel.Clients.ActiveDirectory; @@ -254,3 +255,4 @@ public CustomerRecord(int id, string fName, string lName) } } } +// 
diff --git a/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.csproj b/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.csproj index 7f42673596..5528cb079b 100644 --- a/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.csproj +++ b/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.csproj @@ -21,9 +21,9 @@ - - - - + + + + diff --git a/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/SqlColumnEncryptionAzureKeyVaultProvider.cs b/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/SqlColumnEncryptionAzureKeyVaultProvider.cs index 895b56c5ef..bef4d26839 100644 --- a/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/SqlColumnEncryptionAzureKeyVaultProvider.cs +++ b/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/SqlColumnEncryptionAzureKeyVaultProvider.cs @@ -18,8 +18,10 @@ namespace Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider { /// - /// Provides implementation similar to certificate store provider. - /// A CEK encrypted with certificate store provider should be decryptable by this provider and vice versa. + /// Implementation of column master key store provider that allows client applications to access data when a + /// column master key is stored in Microsoft Azure Key Vault. For more information on Always Encrypted, please refer to: https://aka.ms/AlwaysEncrypted. + /// + /// A Column Encryption Key encrypted with certificate store provider should be decryptable by this provider and vice versa. /// /// Envolope Format for the encrypted column encryption key /// version + keyPathLength + ciphertextLength + keyPath + ciphertext + signature 
@@ -30,6 +32,23 @@ namespace Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider /// ciphertext: Encrypted column encryption key /// signature: Signature of the entire byte array. Signature is validated before decrypting the column encryption key. /// + /// + /// is implemented for Microsoft.Data.SqlClient driver and supports .NET Framework 4.6+ and .NET Core 2.1+. + /// The provider name identifier for this implementation is "AZURE_KEY_VAULT" and it is not registered in driver by default. + /// Client applications must call API only once in the lifetime of driver to register this custom provider by implementing a custom Authentication Callback mechanism. + /// + /// Once the provider is registered, it can used to perform Always Encrypted operations by creating Column Master Key using Azure Key Vault Key Identifier URL. + /// + /// ## Example + /// + /// A sample C# application to demonstrate Always Encrypted with Azure Key Vault can be download from samples directory: + /// + /// [!code-csharp[AzureKeyVaultProviderExample#1](~/../sqlclient/doc/samples/AzureKeyVaultProvider.cs#1)] + /// ]]> + /// public class SqlColumnEncryptionAzureKeyVaultProvider : SqlColumnEncryptionKeyStoreProvider { #region Properties diff --git a/tools/specs/add-ons/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.nuspec b/tools/specs/add-ons/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.nuspec index 1831aefa87..6457bc6ce7 100644 --- a/tools/specs/add-ons/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.nuspec +++ b/tools/specs/add-ons/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.nuspec 
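Review bot: The snippet include at the end of the new remarks block points at `~/../sqlclient/doc/samples/AzureKeyVaultProvider.cs#1`, while the sample file this commit tags is `doc/samples/AzureKeyVaultProviderExample.cs`, so the example will probably not resolve when the docs are built; the path should likely end in `AzureKeyVaultProviderExample.cs#1`. Two phrases in the same block are missing a word or ending: `it can used` should read `it can be used`, and `can be download` should read `can be downloaded`. The registration sentence also runs two steps together, registering the provider once in the lifetime of the driver and supplying an authentication callback. Splitting it into two sentences would make clear which requirement applies to which step. The class body continues outside the hunk.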
@@ -9,27 +9,36 @@ MIT https://aka.ms/sqlclientproject dotnet.png + Always Encrypted Azure Key Vault Provider for Microsoft.Data.SqlClient. +This library enables .NET Core and .NET Framework applications to use Microsoft Azure Key Vault with Always Encrypted in Microsoft Azure SQL Database and Microsoft SQL Server. The library includes the column master key store provider that allows client applications to access data when a column master key is stored in Microsoft Azure Key Vault. For more information on Always Encrypted, please refer to: https://aka.ms/AlwaysEncrypted. + +Use this library only with the Microsoft.Data.SqlClient (https://www.nuget.org/packages/Microsoft.Data.SqlClient) client driver. If you are using the legacy .NET Framework Data Provider for SQL Server within the System.Data.SqlClient namespace in .NET Framework (https://www.nuget.org/packages/System.Data.SqlClient) as a client driver, you need to use Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider (http://www.nuget.org/packages/Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider) instead of this package. + +For more information on Always Encrypted, please refer to: https://aka.ms/AlwaysEncrypted. + Available Types: Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyStoreProvider.SqlColumnEncryptionAzureKeyVaultProvider https://go.microsoft.com/fwlink/?linkid=2090501 © Microsoft Corporation. All rights reserved. - sqlclient microsoft.data.sqlclient AzureKeyVaultProvider akvprovider alwaysencrypted + sqlclient microsoft.data.sqlclient azurekeyvaultprovider akvprovider alwaysencrypted - - - - + + + + + - - - - + + + + +
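Review bot: The added description links to the legacy package over plain HTTP, `http://www.nuget.org/packages/Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider`, while every other link in the text uses HTTPS; an install pointer for a key-handling package should read `https://www.nuget.org/packages/Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider`. The sentence `For more information on Always Encrypted, please refer to: https://aka.ms/AlwaysEncrypted.` now appears twice in the description and one copy can be dropped. The `Available Types` line names the namespace `Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyStoreProvider`, whereas the class in this patch is declared in `Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider`; that looks like a typo worth correcting in the same change. The dependency entries are not readable in this view, so the version changes themselves are not covered by this note.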