Skip to content

Introduce Async API counterparts for AE base class #3673

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Introduce Async API counterparts for AE base class #3673

wants to merge 2 commits into from

Conversation

cheenamalhotra
Copy link
Member

For #3672:

Introduces async API counterparts in base class 'SqlColumnEncryptionKeyStoreProvider'

@cheenamalhotra cheenamalhotra added this to the 7.0-preview2 milestone Oct 8, 2025
@cheenamalhotra cheenamalhotra requested a review from a team as a code owner October 8, 2025 04:20
@Copilot Copilot AI review requested due to automatic review settings October 8, 2025 04:20
@cheenamalhotra cheenamalhotra mentioned this pull request Oct 8, 2025
Open
13 tasks
Copilot
Copilot AI reviewed Oct 8, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Adds asynchronous counterparts to key store provider APIs in SqlColumnEncryptionKeyStoreProvider to enable async implementations for Always Encrypted key operations.
Key changes:

  • Introduced async virtual methods (Decrypt/Encrypt column encryption key, Sign/Verify CMK metadata) that currently throw NotImplementedException.
  • Added corresponding XML documentation entries for the new async methods.
  • Minor wording adjustments in existing XML return documentation.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 7 comments.

File Description
src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlColumnEncryptionKeyStoreProvider.cs Adds async virtual method stubs for encryption key and metadata operations.
doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml Documents newly added async methods and adjusts some existing return descriptions.

edwardneal
edwardneal reviewed Oct 8, 2025
View reviewed changes
...Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlColumnEncryptionKeyStoreProvider.cs
public abstract byte[] DecryptColumnEncryptionKey(string masterKeyPath, string encryptionAlgorithm, byte[] encryptedColumnEncryptionKey);

/// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml' path='docs/members[@name="SqlColumnEncryptionKeyStoreProvider"]/DecryptColumnEncryptionKeyAsync/*'/>
public virtual Task<byte[]> DecryptColumnEncryptionKeyAsync(string masterKeyPath, string encryptionAlgorithm, byte[] encryptedColumnEncryptionKey)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cryptographic tasks will normally complete synchronously; Azure Key Vault is the exception here. What about returning ValueTask<byte[]>, to remove an allocation in the synchronous case?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since these 4 new async methods are all implemented by calling their synchronous counterparts, I would agree that the operations will definitely complete synchronously.

Do we plan to re-implement these in terms of some other underlying async methods later?

Copy link
Member Author

@cheenamalhotra cheenamalhotra Oct 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, these implementations will be re-implemented in all Key Vault providers, as issue #3672 covers. Both sync and async will be made truly sync and truly async flows - with external calls separated.

Also, in the codebase, we want to make sure we call sync v/s async APIs of AE that are separated based on caller.

This, here, is a fallback for any consumer of AE implementation without async implementation.

@paulmedynski paulmedynski self-assigned this Oct 8, 2025
paulmedynski
paulmedynski reviewed Oct 8, 2025
View reviewed changes
Copy link
Contributor

@paulmedynski paulmedynski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Asking for clarification on return types and synchronous implementation.

benrr101
benrr101 requested changes Oct 8, 2025
View reviewed changes
Copy link
Contributor

@benrr101 benrr101 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For new APIs we should have some discussion on the signatures. Definitely won't be able to get this in before preview2.

@benrr101 benrr101 modified the milestones: 7.0-preview2, 7.0.0 Oct 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulmedynski paulmedynski paulmedynski left review comments

Copilot code review Copilot Copilot left review comments

@benrr101 benrr101 benrr101 requested changes

+1 more reviewer

@edwardneal edwardneal edwardneal left review comments

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

@paulmedynski paulmedynski

Labels
None yet
Projects
None yet
Milestone
7.0.0
Development

Successfully merging this pull request may close these issues.
4 participants
@cheenamalhotra @benrr101 @paulmedynski @edwardneal