always encrypted readme

Author: jodebrui

samples/databases/wide-world-importers/sample-scripts/always-encrypted/DemonstrateAlwaysEncrypted - Window 2.sql

@@ -1,12 +1,13 @@
 -- Always Encrypted Demo - Window 2
+-- This connection is used to simulate a client app
 
 -- note this demo is continued from the first demo window
 
--- 4b. Right-click in this window and choose Connection, then Change Connection. 
--- 4c. In the connection dialog, click Options.
--- 4d. Type WideWorldImporters for the database name.
--- 4e. Click on Additional Connection Parameters and enter: Column Encryption Setting=enabled
--- 4f. Click Connect
+-- 5b. Right-click in this window and choose Connection, then Change Connection. 
+-- 5c. In the connection dialog, click Options.
+-- 5d. Type WideWorldImporters for the database name.
+-- 5e. Click on Additional Connection Parameters and enter: Column Encryption Setting=enabled
+-- 5f. Click Connect
 
 -- Note that when acting as a client with access to the certificate, we
 -- can see the data. Remember that this can only work because
@@ -16,4 +17,6 @@
 SELECT * FROM Purchasing.Supplier_PrivateDetails ORDER BY SupplierID;
 GO
 
+
+
 -- Continue on the first window.

samples/databases/wide-world-importers/sample-scripts/always-encrypted/DemonstrateAlwaysEncrypted.sql

@@ -101,9 +101,9 @@ GO
 TRUNCATE TABLE Purchasing.Supplier_PrivateDetails;
 GO
 
--- 3a. Now execute the .NET app to populate the data
+-- 3. Run the client application PopulateAlwaysEncryptedData.exe to insert sample data
 
--- Note that it has been inserted but is not visible within the database
+-- 4. Verify that, on the server side (which does not have the keys), all the data is encrypted
 
 SELECT * FROM Purchasing.Supplier_PrivateDetails ORDER BY SupplierID;
 GO
@@ -113,9 +113,11 @@ GO
 -- the client happens to be the same machine as the server in our 
 -- case. 
 
--- 4a. Open the second query window for this demonstration and follow the instructions there.
+-- 5a. Open the second query window for this demonstration and follow the instructions there.
 
--- 5a. Clean up afterwards.
+
+
+-- 6. (optional) Clean up afterwards.
 
 -- Remove any existing column keys and/or table
 DROP TABLE IF EXISTS Purchasing.Supplier_PrivateDetails;

samples/databases/wide-world-importers/sample-scripts/always-encrypted/README.md

@@ -0,0 +1,68 @@
+# Sample for use of Always Encrypted in WideWorldImportersDW
+
+This script demonstrates the use of Always Encrypted to encrypt sensitive data in the database. 
+
+
+### Contents
+
+[About this sample](#about-this-sample)<br/>
+[Before you begin](#before-you-begin)<br/>
+[Running the sample](#run-this-sample)<br/>
+[Sample details](#sample-details)<br/>
+[Disclaimers](#disclaimers)<br/>
+[Related links](#related-links)<br/>
+
+
+<a name=about-this-sample></a>
+
+## About this sample
+
+<!-- Delete the ones that don't apply -->
+1. **Applies to:** SQL Server 2016 (or higher), Azure SQL Database
+1. **Key features:** Always Encrypted
+1. **Workload:** OLTP
+1. **Programming Language:** T-SQL, C#
+1. **Authors:** Greg Low, Jos de Bruijn
+1. **Update history:** 26 May 2016 - initial revision
+
+<a name=before-you-begin></a>
+
+## Before you begin
+
+To run this sample, you need the following prerequisites.
+
+**Software prerequisites:**
+
+<!-- Examples -->
+1. SQL Server 2016 (or higher) or Azure SQL Database. 
+2. SQL Server Management Studio
+3. Visual Studio 2015
+4. The WideWorldImporters database.
+
+<a name=run-this-sample></a>
+
+## Running the sample
+
+1. Build the solution to create the data population app.
+
+2. Open both scripts in different windows or tabs in Management Studio.
+
+3. Follow the instructions in the main script DemonstrateAlwaysEncrypted.sql.
+
+## Sample details
+
+The sample adds a new table with sensitive data about suppliers. This sensitive data is always encrypted.
+
+As part of the sample you create an encryption key that is saved locally (where you run SSMS). The client application inserts data into the table. With the sample scripts you will see how the data is encrypted in the table and cannot be viewed, even by a sysadmin, unless you have the encryption key.
+
+<a name=disclaimers></a>
+
+## Disclaimers
+The code included in this sample is not intended to be used for production purposes.
+
+<a name=related-links></a>
+
+## Related Links
+<!-- Links to more articles. Remember to delete "en-us" from the link path. -->
+TBD
+