{"id":3588,"date":"2023-04-12T15:39:33","date_gmt":"2023-04-12T15:39:33","guid":{"rendered":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/"},"modified":"2026-01-15T18:15:05","modified_gmt":"2026-01-15T18:15:05","slug":"always-encrypting-sensitive-sql-data","status":"publish","type":"post","link":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/","title":{"rendered":"How Do I Use SQL Server\u2019s Always Encrypted Feature to Protect Sensitive Data?"},"content":{"rendered":"<p>In an earlier post I spent some time <a href=\"https:\/\/quebit.com\/askquebit\/quebit-products\/exploring-symmetric-encryption-in-sql\/\">exploring symmetric encryption in SQL Server<\/a>. In this article I wanted to address another kind of security offered in SQL Server: \u201c<a href=\"https:\/\/docs.microsoft.com\/en-us\/sql\/relational-databases\/security\/encryption\/always-encrypted-database-engine?view=sql-server-ver15\">Always Encrypted<\/a>\u201d.<\/p>\n<p>Always Encrypted is a security feature which was introduced in an earlier version of SQL Server and is designed to ensure that data stored in a database remains encrypted at all times during SQL Server query processing.\u00a0What is perhaps unique about this feature is that it allows <em>clients<\/em> to encrypt their sensitive data inside their client application without revealing the encryption key to the database engine.<\/p>\n<p>As a result, Always Encrypted provides a <strong>separation<\/strong> between those who \u201cown the data\u201d and those who \u201cmanage the data\u201d. Even DBAs, system and cloud administrators cannot access the data that you encrypt.<\/p>\n<p><strong>How Always Encrypted Works<\/strong><\/p>\n<p>Always Encrypted is a client-side encryption and makes encryption \u201ctransparent\u201d to the application, meaning data is <em>transparently<\/em> encrypted and decrypted by a client driver, using the client managed the encryption key.<\/p>\n<p>The encryption key can be stored in either the <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/install\/local-machine-and-current-user-certificate-stores\">Windows certificate store<\/a> on the client machine or an <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/key-vault\/general\/overview\">Azure Key Vault<\/a>. Since the keys are managed client-side, the server does not have access to them.<\/p>\n<p>The client driver encrypts data before passing it to the Database Engine and automatically rewrites queries so that the semantics are preserved. When the client application retrieves the encrypted data from the database, the same driver transparently decrypts the data to return plain text.\u00a0Consequently, SQL Server never sees the sensitive information in plain text.<\/p>\n<p><strong>Let\u2019s Try Setting up Always Encrypted in SQL Server<\/strong><\/p>\n<p>So, what are the steps to use Always Encrypted to encrypt data in a SQL Server table?<\/p>\n<p>Connect to the database where you want to implement Always Encrypted using SQL Server Management Studio (SSMS) and simply <strong>right-click<\/strong> on a table (that you want to target) and select <strong>Encrypt Columns<\/strong>.<\/p>\n<p>As a simple example, I chose a random table in my database named: production.brands.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1963 alignnone\" src=\"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ1-min.jpg\" alt=\"\" width=\"445\" height=\"641\" \/><\/p>\n<p>On the right-click, the <strong>Always Encrypted wizard <\/strong>will start to guide you through the process of encrypting column(s) in the selected table. The wizard has 6 steps (Introduction, Column Selection, Master Key Configuration, Run Settings, Summary and Results) as shown on the left-hand side:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1952 alignnone\" src=\"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ2-min.jpg\" alt=\"\" width=\"826\" height=\"645\" \/><\/p>\n<p><strong>Column Selection<\/strong><\/p>\n<p>On the Introduction dialog, clicking the <strong>Next<\/strong> button proceeds to the <strong>column selection step. <\/strong>In this step, you select the columns that you want to encrypt (or decrypt) and define the target encryption type for the selected column(s).<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1953 alignnone\" src=\"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ3-min.jpg\" alt=\"\" width=\"864\" height=\"458\" \/><\/p>\n<p>The table I\u2019ve chosen for this exercise (production.brands) has only 2 columns, so I selected the column \u201cbrand_name\u201d to be encrypted. I have also selected <em>Randomized<\/em> as the <strong>Encryption Type<\/strong> and let the <strong>Encryption Key<\/strong> default to a new key name of \u201cCEK_Auto 1\u201d. Always Encrypted supports two encryption types: randomized and deterministic. For information about encryption types supported in Always Encrypted, see\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/sql\/relational-databases\/security\/encryption\/always-encrypted-database-engine?view=sql-server-ver15#selecting--deterministic-or-randomized-encryption\">Selecting Deterministic or Randomized Encryption<\/a>.<\/p>\n<p><strong>Master Key Configuration <\/strong><\/p>\n<p>Click <strong>Next<\/strong> (again) and the wizard will move on to the <strong>Master Key configuration<\/strong> step.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1954 alignnone\" src=\"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ4-min.jpg\" alt=\"\" width=\"869\" height=\"369\" \/><\/p>\n<p>Here, I selected the default: <em>Auto generate column master key<\/em> (rather than using an existing key) and to keep things uncomplicated, I also selected the <strong>Windows Certificate Store<\/strong> as the \u201cstore provider\u201d (where the key will be stored).<\/p>\n<p><strong>Run Settings<\/strong><\/p>\n<p>Click <strong>Next<\/strong> and we are presented with the <strong>Run Settings<\/strong> step. Here, the wizard gives you a choice to \u201c<em>Proceed to finish now<\/em>\u201d or \u201c<em>Generate a PowerShell script to run later\u201d<\/em>. I selected Proceed to finish now. Keep in mind that if choose to proceed now, applying Always Encryption to existing data can take a fair amount of time, depending on the volume of your data so you may want to consider generating the PowerShell script and running it during and off-peak time.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1955 alignnone\" src=\"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ5-min.jpg\" alt=\"\" width=\"876\" height=\"683\" \/><\/p>\n<p><strong>Summary and Results<\/strong><\/p>\n<p>In the <strong>Summary<\/strong> step you get a chance to perform a <em>final review<\/em> of your selections (server name, database name, master keys, certificate store, key(s), selected table, and column(s) and of course the encryption type(s) to be generated) and then click <strong>Previous<\/strong> (to go back and make any adjustments) or click <strong>Finish (<\/strong>to proceed and apply the encryption). The <strong>Results<\/strong> step will show a summary of the progress and result of each task as the encryption is applied. A more detailed <strong>Encryption Wizard Log Report<\/strong> is also generated and available.<\/p>\n<p><strong>Did it Work?<\/strong><\/p>\n<p>Once the <strong>Encryption Wizard <\/strong>has completed successfully it is a good idea to validate things. To start, since I selected the Windows certificate store to store the generated certificate, I can open the Certificate Manager tool\u00a0 (<a href=\"https:\/\/docs.microsoft.com\/en-us\/dotnet\/framework\/tools\/certmgr-exe-certificate-manager-tool\">certmgr.msc<\/a>) on the local computer and should be able to locate the <strong>Always Encrypted Auto Certificate<\/strong>:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1956 alignnone\" src=\"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ6-min.jpg\" alt=\"\" width=\"932\" height=\"316\" \/><\/p>\n<p>Next, within the SQL Server database, I can review the <strong>Column Encryption Keys<\/strong> and <strong>Column Master Keys<\/strong> (under Security, then Always Encrypted Keys):<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1957 alignnone\" src=\"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ7-min.jpg\" alt=\"\" width=\"464\" height=\"351\" \/><\/p>\n<p>Finally, if we execute a SELECT query the production.brands table we should see the following results (all the values are encrypted for the brand_name column):<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1958 alignnone\" src=\"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ8-min.jpg\" alt=\"\" width=\"872\" height=\"510\" \/><\/p>\n<p>On the client machine where the certificate is being stored, we should be able to access the data in decrypted form, so let\u2019s perform a few tests.<\/p>\n<p><strong>Using SQL Server Management Studio<\/strong><\/p>\n<p>To use SQL Server Management Studio (SSMS) on the client machine you can:<\/p>\n<ol>\n<li>Open the connection dialog<\/li>\n<li>Click on the <strong>Options<\/strong> button<\/li>\n<li>Choose the <strong>Additional Connection<\/strong> Parameters tab<\/li>\n<li>Enter &#8220;<strong>Column Encryption Setting = Enabled<\/strong>&#8220;<\/li>\n<\/ol>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1959 alignnone\" src=\"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ9-min.jpg\" alt=\"\" width=\"669\" height=\"580\" \/><\/p>\n<p>5. Click Connect<\/p>\n<p>Now, if we that same select statement on the production.brands table, the result should now look like this:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1960 alignnone\" src=\"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ10-min.jpg\" alt=\"\" width=\"932\" height=\"486\" \/><\/p>\n<h2><\/h2>\n<h2><\/h2>\n<h2><\/h2>\n<h2><\/h2>\n<h2><\/h2>\n<h2><\/h2>\n<h2><\/h2>\n<h2><\/h2>\n<h2><\/h2>\n<h2>Using Python<\/h2>\n<p>One more client-side test, this one using Python. To speed things up I can again refer back to an older post, this one using \u201c<a href=\"https:\/\/quebit.com\/askquebit\/quebit-products\/using-azure-data-studio-notebooks-to-investigate-variable-correlations\/\">Using Azure Data Studio Notebooks<\/a>\u201d. In that post I created an Azure notebook and wrote some simple Python scripts to query a SQL Server database. We can use the same concept for this test: use <a href=\"https:\/\/pypi.org\/project\/pyodbc\/\">pyodbc<\/a> to create a connection to the SQL Server database where we have applied Always Encrypted and then run a query on the production.brands table:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1961 alignnone\" src=\"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ11-min.jpg\" alt=\"\" width=\"900\" height=\"330\" \/><\/p>\n<p>The result is that we see that the data is returned <strong><em>encrypted<\/em><\/strong>.<\/p>\n<p>To invoke the driver from our Python script (so that we can decrypt the data), we can add the following parameters to the connection string:<\/p>\n<p>&#8216;Column Encryption Setting=Enabled;ColumnEncryption=VBS-HGS,http:\/\/myHGSServer.myDomain\/Attestation&#8217;<\/p>\n<p>Now, if we run the same code, we get our data back <strong><em>decrypted<\/em><\/strong>:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1962 alignnone\" src=\"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ12-min.jpg\" alt=\"\" width=\"900\" height=\"364\" \/><\/p>\n<p>Success!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In an earlier post I spent some time exploring symmetric encryption in SQL Server. In this article I wanted to address another kind of security offered in SQL Server: \u201cAlways Encrypted\u201d. Always Encrypted is a security feature which was introduced in an earlier version of SQL Server and is designed to ensure that data stored&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[27],"tags":[32],"class_list":["post-3588","post","type-post","status-publish","format-standard","hentry","category-quebit-value","tag-sql"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How Do I Use SQL Server\u2019s Always Encrypted Feature to Protect Sensitive Data? - QueBIT<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Do I Use SQL Server\u2019s Always Encrypted Feature to Protect Sensitive Data? - QueBIT\" \/>\n<meta property=\"og:description\" content=\"In an earlier post I spent some time exploring symmetric encryption in SQL Server. In this article I wanted to address another kind of security offered in SQL Server: \u201cAlways Encrypted\u201d. Always Encrypted is a security feature which was introduced in an earlier version of SQL Server and is designed to ensure that data stored&hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/\" \/>\n<meta property=\"og:site_name\" content=\"QueBIT\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-12T15:39:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-15T18:15:05+00:00\" \/>\n<meta name=\"author\" content=\"agoddard\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"agoddard\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/always-encrypting-sensitive-sql-data\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/always-encrypting-sensitive-sql-data\\\/\"},\"author\":{\"name\":\"agoddard\",\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/#\\\/schema\\\/person\\\/e52d72da0fd2f5f70d189343fe4f5084\"},\"headline\":\"How Do I Use SQL Server\u2019s Always Encrypted Feature to Protect Sensitive Data?\",\"datePublished\":\"2023-04-12T15:39:33+00:00\",\"dateModified\":\"2026-01-15T18:15:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/always-encrypting-sensitive-sql-data\\\/\"},\"wordCount\":1077,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/always-encrypting-sensitive-sql-data\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/SQ1-min.jpg\",\"keywords\":[\"SQL\"],\"articleSection\":[\"QueBIT Value\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/quebit.com\\\/askquebit\\\/always-encrypting-sensitive-sql-data\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/always-encrypting-sensitive-sql-data\\\/\",\"url\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/always-encrypting-sensitive-sql-data\\\/\",\"name\":\"How Do I Use SQL Server\u2019s Always Encrypted Feature to Protect Sensitive Data? - QueBIT\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/always-encrypting-sensitive-sql-data\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/always-encrypting-sensitive-sql-data\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/SQ1-min.jpg\",\"datePublished\":\"2023-04-12T15:39:33+00:00\",\"dateModified\":\"2026-01-15T18:15:05+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/#\\\/schema\\\/person\\\/e52d72da0fd2f5f70d189343fe4f5084\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/always-encrypting-sensitive-sql-data\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/quebit.com\\\/askquebit\\\/always-encrypting-sensitive-sql-data\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/always-encrypting-sensitive-sql-data\\\/#primaryimage\",\"url\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/SQ1-min.jpg\",\"contentUrl\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/SQ1-min.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/always-encrypting-sensitive-sql-data\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Do I Use SQL Server\u2019s Always Encrypted Feature to Protect Sensitive Data?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/#website\",\"url\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/\",\"name\":\"QueBIT\",\"description\":\"QueBIT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/#\\\/schema\\\/person\\\/e52d72da0fd2f5f70d189343fe4f5084\",\"name\":\"agoddard\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d817b364cff1d66116debde8d1c85e5e76eeece9c5ae731b19276a6040231455?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d817b364cff1d66116debde8d1c85e5e76eeece9c5ae731b19276a6040231455?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d817b364cff1d66116debde8d1c85e5e76eeece9c5ae731b19276a6040231455?s=96&d=mm&r=g\",\"caption\":\"agoddard\"},\"sameAs\":[\"https:\\\/\\\/quebit.com\\\/askquebit\"],\"url\":\"https:\\\/\\\/quebit.com\\\/askquebit\\\/author\\\/agoddard\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Do I Use SQL Server\u2019s Always Encrypted Feature to Protect Sensitive Data? - QueBIT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/","og_locale":"en_US","og_type":"article","og_title":"How Do I Use SQL Server\u2019s Always Encrypted Feature to Protect Sensitive Data? - QueBIT","og_description":"In an earlier post I spent some time exploring symmetric encryption in SQL Server. In this article I wanted to address another kind of security offered in SQL Server: \u201cAlways Encrypted\u201d. Always Encrypted is a security feature which was introduced in an earlier version of SQL Server and is designed to ensure that data stored&hellip;","og_url":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/","og_site_name":"QueBIT","article_published_time":"2023-04-12T15:39:33+00:00","article_modified_time":"2026-01-15T18:15:05+00:00","author":"agoddard","twitter_card":"summary_large_image","twitter_misc":{"Written by":"agoddard","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/#article","isPartOf":{"@id":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/"},"author":{"name":"agoddard","@id":"https:\/\/quebit.com\/askquebit\/#\/schema\/person\/e52d72da0fd2f5f70d189343fe4f5084"},"headline":"How Do I Use SQL Server\u2019s Always Encrypted Feature to Protect Sensitive Data?","datePublished":"2023-04-12T15:39:33+00:00","dateModified":"2026-01-15T18:15:05+00:00","mainEntityOfPage":{"@id":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/"},"wordCount":1077,"commentCount":0,"image":{"@id":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/#primaryimage"},"thumbnailUrl":"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ1-min.jpg","keywords":["SQL"],"articleSection":["QueBIT Value"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/","url":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/","name":"How Do I Use SQL Server\u2019s Always Encrypted Feature to Protect Sensitive Data? - QueBIT","isPartOf":{"@id":"https:\/\/quebit.com\/askquebit\/#website"},"primaryImageOfPage":{"@id":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/#primaryimage"},"image":{"@id":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/#primaryimage"},"thumbnailUrl":"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ1-min.jpg","datePublished":"2023-04-12T15:39:33+00:00","dateModified":"2026-01-15T18:15:05+00:00","author":{"@id":"https:\/\/quebit.com\/askquebit\/#\/schema\/person\/e52d72da0fd2f5f70d189343fe4f5084"},"breadcrumb":{"@id":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/#primaryimage","url":"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ1-min.jpg","contentUrl":"https:\/\/quebit.com\/askquebit\/wp-content\/uploads\/2022\/01\/SQ1-min.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/quebit.com\/askquebit\/always-encrypting-sensitive-sql-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/quebit.com\/askquebit\/"},{"@type":"ListItem","position":2,"name":"How Do I Use SQL Server\u2019s Always Encrypted Feature to Protect Sensitive Data?"}]},{"@type":"WebSite","@id":"https:\/\/quebit.com\/askquebit\/#website","url":"https:\/\/quebit.com\/askquebit\/","name":"QueBIT","description":"QueBIT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/quebit.com\/askquebit\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/quebit.com\/askquebit\/#\/schema\/person\/e52d72da0fd2f5f70d189343fe4f5084","name":"agoddard","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d817b364cff1d66116debde8d1c85e5e76eeece9c5ae731b19276a6040231455?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d817b364cff1d66116debde8d1c85e5e76eeece9c5ae731b19276a6040231455?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d817b364cff1d66116debde8d1c85e5e76eeece9c5ae731b19276a6040231455?s=96&d=mm&r=g","caption":"agoddard"},"sameAs":["https:\/\/quebit.com\/askquebit"],"url":"https:\/\/quebit.com\/askquebit\/author\/agoddard\/"}]}},"_links":{"self":[{"href":"https:\/\/quebit.com\/askquebit\/wp-json\/wp\/v2\/posts\/3588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/quebit.com\/askquebit\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/quebit.com\/askquebit\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/quebit.com\/askquebit\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/quebit.com\/askquebit\/wp-json\/wp\/v2\/comments?post=3588"}],"version-history":[{"count":1,"href":"https:\/\/quebit.com\/askquebit\/wp-json\/wp\/v2\/posts\/3588\/revisions"}],"predecessor-version":[{"id":4916,"href":"https:\/\/quebit.com\/askquebit\/wp-json\/wp\/v2\/posts\/3588\/revisions\/4916"}],"wp:attachment":[{"href":"https:\/\/quebit.com\/askquebit\/wp-json\/wp\/v2\/media?parent=3588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/quebit.com\/askquebit\/wp-json\/wp\/v2\/categories?post=3588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/quebit.com\/askquebit\/wp-json\/wp\/v2\/tags?post=3588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}