-
Notifications
You must be signed in to change notification settings - Fork 201
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for encrypted column data for MSSQL #1334
Comments
@hedo29 thank you for reporting this. Can you elaborate on your use case? Working with a cloud database or on premises? Can you give an example of schema definition and JDBC code? |
Sure! To be more specific, for my purposes I'd be working with an on-premise DB that is using MSSQL's Always Encrypted. Encryption is enabled on specific tables/columns by T-SQL, so it's not something that has to be managed by Vert.x. Vert.x only has to see the metadata that comes back from the DB transaction when the query is executed:
This is supported from directly within Microsoft JDBC driver, so on the surface, the actual JDBC code wouldn't change. Table users:
When I make a JDBC call to retrieve a user's information, my code will simply look like this (identical to if it had no encrypted values):
The JDBC driver contains all of the logic necessary to do the following:
All of this occurs from directly within the driver code itself. The JDBC code is open source and can be found here. For my use case, and what I imagine would work to cover most others who are using always encrypted, using a Java keystore along with the corresponding URL parameter (currently In order to enable all of this, the Vert.x client would likely have to replicate the above behavior in the MSSQL-specific driver. Without this behavior, Always Encrypted support is not possible for MSSQL DBs, or at least retrieving/querying any encrypted column is not possible. |
Thank you for the details. This is would be a nice to have, would you like to contribute it? I can assist you in the process |
Describe the feature
There doesn't appear to be a way to properly transact on encrypted columns from a SQL Server DB using the reactive client. SQL Server's JDBC driver does support this through explicit methods, and decrypts using a CMK/CEK pair.
Use cases
Any MSSQL DB that contains an encrypted column cannot use this project to interface with said data because it will not decrypt the data. This feature will allow a wider support to include all MSSQL DBs that contain encrypted data. Currently Vert.x is the only supported way to work with Hibernate Reactive, so this would be tremendous for anyone working with relational annotations in Java.
Contribution
I would be more than happy to take my best shot at implementing this feature, but I do not know anyone that is already looking for this feature and the level of complexity may be outside of my expertise, especially given my limited knowledge of Vert.x. I would be extremely grateful to the Vert.x developers if this was deemed a high enough priority for their attention.
The text was updated successfully, but these errors were encountered: