Microsoft recently announced that SQL Server Data Tools (SSDT) now supports developing databases using Always Encrypted. Always Encrypted is a feature designed to protect sensitive data, such as credit card numbers or national identification numbers (e.g. U.S. social security numbers), stored in Azure SQL Database or SQL Server databases. Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the Database Engine (SQL Database or SQL Server).
To start developing databases using Always Encrypted using SSDT, you will need to install the following software on your development machine:
- Visual Studio 2013 or Visual Studio 2015.
- SSDT GA July 2016 for Visual Studio 2015 or Visual Studio 2013.
- SQL Server Management Studio (SSMS) GA July 2016. Note: Currently, you need SSMS or the SqlServer PowerShell module that comes with SSMS, to provision Always Encrypted keys. In a future update of SSDT, we will support Always Encrypted key provisioning.
Always Encrypted is supported in all editions of SQL Server Database V12. Check out the end-to-end walkthrough for how to import an existing database into an SSDT project, enable Always Encrypted for selected database columns, and publish the changes back to the database.