Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Track progress on Azure Key Vault support for .NET Core #111

Closed
David-Engel opened this issue May 20, 2019 · 16 comments
Closed

Track progress on Azure Key Vault support for .NET Core #111

David-Engel opened this issue May 20, 2019 · 16 comments
Assignees
@cheenamalhotra @David-Engel
Labels
💡 Enhancement New feature request 🔗 External Issue is in an external component
Projects
SqlClient v1.1.0
Milestone
1.1.0

Comments

@David-Engel
Copy link
Contributor

Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider does not yet support .NET Core. Filing this issue to keep track of when the team that owns it releases an update that does support .NET Core.

Reference: https://www.nuget.org/packages/Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider
@David-Engel David-Engel mentioned this issue May 20, 2019
Closed
@David-Engel David-Engel added 🔗 External Issue is in an external component 💡 Enhancement New feature request labels May 20, 2019
@David-Engel David-Engel self-assigned this May 20, 2019
@naresh1990
Copy link

Any update on this? or any timeline for this to be included in .NET Core?

@cheenamalhotra cheenamalhotra added this to Under Investigation in SqlClient Triage Board Jul 11, 2019
@David-Engel
Copy link
Contributor Author

Any update on this? or any timeline for this to be included in .NET Core?

No update. It's not "in .NET Core". It's an independent library which needs to support .NET Core targets. The team that owns it says it's a high priority on their TODO list but there is no timeline right now.

@cheenamalhotra cheenamalhotra added this to the Future milestone Jul 25, 2019
@cheenamalhotra cheenamalhotra moved this from Under Investigation to Low priority in SqlClient Triage Board Jul 25, 2019
@cheenamalhotra cheenamalhotra moved this from Low priority to Ideas for Future in SqlClient Triage Board Jul 31, 2019
@ghost
Copy link

ghost commented Aug 22, 2019

I was able to get this to work by re-implementing the SqlColumnEncryptionAzureKeyVaultProvider by mostly copying the decompiled source of the .NET Framework version. Using dotPeek or ILSpy on the dll inside the https://www.nuget.org/api/v2/package/Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider/2.1.0 nupkg you can see the decompiled source of SqlColumnEncryptionAzureKeyVaultProvider, and the only real things that needed changing that I could see were replacing new SHA256Cng() with SHA256.Create() a few times and replacing System.Data.SqlClient with Microsoft.Data.SqlClient (and I was lazy and replaced the resource managed strings in Strings.cs with constants).
Then, with this copied class, the only nuget packages you need (which are .net standard) are Microsoft.Azure.KeyVault and Microsoft.IdentityModel.Clients.ActiveDirectory. From there, I was able to follow this guide https://docs.microsoft.com/en-us/azure/sql-database/sql-database-always-encrypted-azure-key-vault#register-the-azure-key-vault-provider without issue.

My test application had these package references:

<PackageReference Include="Microsoft.Azure.KeyVault" Version="2.3.2" />
<PackageReference Include="Microsoft.Data.SqlClient" Version="1.0.19221.1-Preview" />
<PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="5.2.0" />

Also tested and worked (on my machine! through windows and docker) with Microsoft.Azure.KeyVault 3.0.4.

I would post the source of the provider, but I'm not sure if posting modified decompiled source goes against the license.

@David-Engel
Copy link
Contributor Author

Update: The team that owns the AKV provider is going to pass it to us (the SqlClient team) to work on. We will start working on it as soon as we can and hopefully have an updated version out in September/October.

@David-Engel David-Engel mentioned this issue Aug 23, 2019
Closed
@beufordy3k
Copy link

Update: The team that owns the AKV provider is going to pass it to us (the SqlClient team) to work on. We will start working on it as soon as we can and hopefully have an updated version out in September/October.

@David-Engel
Will this be available as a dev myget feed here? https://dotnet.myget.org/gallery/aspnetcore-dev

Does this have any milestones set yet? Thanks!

@Tim-Bijnens
Copy link

Tim-Bijnens commented Sep 10, 2019
edited

Any update or timeframe on this?

We have several new .Net Core projects running on Azure app service that have to use (time consuming and not ideally performing) work arounds to handle the encrypted data via the regular EF Azure KeyVault provider.

I tried @dferretti suggestion but could not get it to work in the limited time frame I was given.

Thank you!

@ErikEJ
Copy link
Contributor

ErikEJ commented Sep 10, 2019

@Tim-Bijens Looks like it is planned for 1.1: https://github.com/dotnet/SqlClient/projects/4

@cheenamalhotra cheenamalhotra added this to To do in SqlClient v1.1.0 via automation Oct 7, 2019
@cheenamalhotra cheenamalhotra removed this from Ideas for Future in SqlClient Triage Board Oct 7, 2019
@cheenamalhotra cheenamalhotra modified the milestones: Future, 1.1.0 Oct 7, 2019
@cheenamalhotra cheenamalhotra moved this from To do to In progress in SqlClient v1.1.0 Oct 7, 2019
@cheenamalhotra cheenamalhotra self-assigned this Oct 7, 2019
@cperras cperras mentioned this issue Oct 11, 2019
Closed
@cperras
Copy link

cperras commented Oct 11, 2019
edited

@cheenamalhotra @David-Engel hi - any eta an when 1.1 might be released and/or a preview version of SqlColumnEncryptionAzureKeyVaultProvider will be available?

we have an open story on this, so we just want to plan next steps. thanks!

@cheenamalhotra cheenamalhotra mentioned this issue Oct 17, 2019
Merged
@cheenamalhotra cheenamalhotra moved this from In progress to Review in progress in SqlClient v1.1.0 Oct 17, 2019
@cheenamalhotra
Copy link
Member

@cperras very soon! Stay tuned :)

@cheenamalhotra
Copy link
Member

@cperras @Tim-Bijnens @beufordy3k @naresh1990 @dferretti

We have released the first public preview version of Azure Key Vault Provider today, please download from here: v1.0.0-preview1

Please note that the AKV Provider is targeted for SqlClient v1.1 hence will work with v1.1.0-preview1 version of Microsoft.Data.SqlClient.

Please try it out and send us your feedback so we can enhance the library for a stable version.

@cheenamalhotra
Copy link
Member

M.D.S AE Azure Key Vault Provider 1.0.0 GA version of library has been released today.
Closing issue.

SqlClient v1.1.0 automation moved this from Review in progress to Done Nov 19, 2019
@chris5287
Copy link

Great news! Has this been retargeted at MDS v1.0.1 or has v1.1.0 been released as well?

@cheenamalhotra
Copy link
Member

@chris5287 it now targets M.D.S v1.0.19269.1

@chris5287
Copy link

Would this work with EF Core 3 straight out the box, or is there a change needed in their code base?

@cheenamalhotra
Copy link
Member

I don't see EF Core 3.0 or 3.0.1 nuget is referencing driver version 1.0.19269.1 yet, but 3.1.0-preview2 seems to have updated to this version that can be used.

@ErikEJ
Copy link
Contributor

ErikEJ commented Nov 20, 2019

You can always reference a newer version explicitly

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cheenamalhotra cheenamalhotra

@David-Engel David-Engel

Labels
💡 Enhancement New feature request 🔗 External Issue is in an external component
Projects
No open projects
SqlClient v1.1.0
  
Done
Milestone
1.1.0
Development

No branches or pull requests
8 participants
@naresh1990 @chris5287 @cperras @beufordy3k @ErikEJ @cheenamalhotra @David-Engel @Tim-Bijnens