Expand Up @@ -14,36 +14,26 @@ namespace Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider
{
/// <summary>
/// Implementation of column master key store provider that allows client applications to access data when a
/// column master key is stored in Microsoft Azure Key Vault. For more information on Always Encrypted, please refer to: https://aka.ms/AlwaysEncrypted.
/// column master key is stored in Microsoft Azure Key Vault.
///
/// For more information on Always Encrypted, please refer to: https://aka.ms/AlwaysEncrypted.
///
/// A Column Encryption Key encrypted with certificate store provider should be decryptable by this provider and vice versa.
///
/// Envelope Format for the encrypted column encryption key
/// version + keyPathLength + ciphertextLength + keyPath + ciphertext + signature
/// Envelope Format for the encrypted column encryption key :
/// version + keyPathLength + ciphertextLength + keyPath + ciphertext + signature
///
/// version: A single byte indicating the format version.
/// keyPathLength: Length of the keyPath.
/// ciphertextLength: ciphertext length
/// keyPath: keyPath used to encrypt the column encryption key. This is only used for troubleshooting purposes and is not verified during decryption.
/// ciphertext: Encrypted column encryption key
/// signature: Signature of the entire byte array. Signature is validated before decrypting the column encryption key.
/// - version: A single byte indicating the format version.
/// - keyPathLength: Length of the keyPath.
/// - ciphertextLength: ciphertext length
/// - keyPath: keyPath used to encrypt the column encryption key. This is only used for troubleshooting purposes and is not verified during decryption.
/// - ciphertext: Encrypted column encryption key
/// - signature: Signature of the entire byte array. Signature is validated before decrypting the column encryption key.
/// </summary>
/// <remarks>
/// <format type="text/markdown"><![CDATA[
/// ## Remarks
///
/// **SqlColumnEncryptionAzureKeyVaultProvider** is implemented for Microsoft.Data.SqlClient and supports .NET Framework 4.6.1+ and .NET Core 2.1+.
/// The provider name identifier for this implementation is "AZURE_KEY_VAULT" and it is not registered in driver by default.
/// Client applications must call the <xref=Microsoft.Data.SqlClient.SqlConnection.RegisterColumnEncryptionKeyStoreProviders> API only once in the lifetime of the driver to register this custom provider by implementing a custom Authentication Callback mechanism.
///
/// Once the provider is registered, it can used to perform Always Encrypted operations by creating Column Master Key using Azure Key Vault Key Identifier URL.
///
/// ## Example
///
/// Sample C# applications to demonstrate Always Encrypted use with Azure Key Vault are available at links below:
///
/// - [Example: Using Azure Key Vault with Always Encrypted](~/connect/ado-net/sql/azure-key-vault-example.md)
/// - [Example: Using Azure Key Vault with Always Encrypted with enclaves enabled](~/connect/ado-net/sql/azure-key-vault-enclave-example.md)
/// For more information, see: [Using the Azure Key Vault Provider](/sql/connect/ado-net/sql/sqlclient-support-always-encrypted#using-the-azure-key-vault-provider)
/// ]]></format>
/// </remarks>
public class SqlColumnEncryptionAzureKeyVaultProvider : SqlColumnEncryptionKeyStoreProvider
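Review bot: The envelope walkthrough added at lines 30–48 sits inside `<summary>`, which doc tooling renders as the one-line type synopsis, so the format description belongs under the existing `<remarks>` element rather than the summary. While moving it, drop the stray space before the colon in `/// Envelope Format for the encrypted column encryption key :`. The summary says the signature is validated before decryption but not what the signature covers; since `CompileMasterKeyMetadata(string masterKeyPath, bool allowEnclaveComputations)` is visible at the next hunk header, the signed bytes presumably include the master key path and the enclave flag — if that is the case, state it, e.g. `/// - signature: Signature over the master key metadata and the preceding envelope bytes; validated before the column encryption key is decrypted.` The class body continues outside the hunk.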
Expand Down Expand Up @@ -322,13 +312,4 @@ private byte[] CompileMasterKeyMetadata(string masterKeyPath, bool allowEnclaveC

#endregion
}

/// <summary>
/// The authentication callback delegate which is to be implemented by the client code
/// </summary>
/// <param name="authority"> Identifier of the authority, a URL. </param>
/// <param name="resource"> Identifier of the target resource that is the recipient of the requested token, a URL. </param>
/// <param name="scope"> The scope of the authentication request. </param>
/// <returns> access token </returns>
public delegate Task<string> AuthenticationCallback(string authority, string resource, string scope);
}