I want to find out what key name provided from an external provider my database is using in an encrypted database.
This is an example taken from Microsoft website.
CREATE ASYMMETRIC KEY EKM_askey1
FROM PROVIDER EKM_Provider1
WITH
ALGORITHM = RSA_2048,
CREATION_DISPOSITION = CREATE_NEW
, PROVIDER_KEY_NAME = 'key10_user1' ;
GO
But I don't know how to learn whether this is CREATE_NEW or OPEN_EXISTING and have no clue what view contains information about this key10_user1 as mentioned in the example.
Could you try:
SELECT * FROM sys.cryptographic_providers;
to get the provider id and then query using sys.dm_cryptographic_provider_keys:
SELECT * FROM sys.dm_cryptographic_provider_keys(1234567);
GO
Related
I work with large databases that needs to be stored into a server.
So, to work with them on Rstudio I have to open a connection to my Microsoft SQL Server with the dbConnect function :
conn <- dbConnect(odbc(),"myconnection",uid="***",pwd="***",schema="dbo",access="readonly")
and in order to use dplyr, I have to create data references with the tbl function :
data <- tbl(conn, "data")
But one of the online dataframe contains a columns that I can't read because I dont have the access, but I can read everything else.
The SQL query behind the tbl() function is :
SELECT * FROM data
and this is my problem.
Even when I try to select a specific column it doesn't work (see below), so I can't create my references and I can't work.
select(tbl(conn, "data"), "columnX")
=
SELECT columnX FROM data
I think this is the tbl() function and the call of "SELECT *" that blocks me.
Do you know what can I do ? Is there smilar functions that could resolve my problem ?
If you know the columns that you have access to, then one option is to bypass the default access SELECT * FROM ... with your own SQL query.
A remote table is defined by two components:
The database conneciton
The query to the database
When you connect with the default approach tbl(conn, 'data') then it defaults to a query SELECT * FROM data.
But here is another approach:
custom_query = 'SELECT columnX FROM data'
remote_table = tbl(conn, dbplyr::sql(customer_query))
I am trying to load data from a CSV file to a table in my Azure Database following the steps in https://learn.microsoft.com/en-us/sql/t-sql/statements/bulk-insert-transact-sql?view=sql-server-ver15#f-importing-data-from-a-file-in-azure-blob-storage, using the Managed Identity option. When I run the query, I receive this error:
Failed to execute query. Error: Referenced external data source "adfst" not found.
This is the name of the container I created within my storage account. I have also tried using my storage account, with the same error. Reviewing https://learn.microsoft.com/en-us/sql/relational-databases/import-export/examples-of-bulk-access-to-data-in-azure-blob-storage?view=sql-server-ver15 does not provide any further insight as to what may be causing the issue. My storage account does not have public (anonymous) access configured.
I'm assuming that I'm missing a simple item that would resolve this issue, but I can't figure out what it is. My SQL query is below, modified to not include content that should not be required.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '**************';
GO
CREATE DATABASE SCOPED CREDENTIAL msi_cred WITH IDENTITY = '***********************';
CREATE EXTERNAL DATA SOURCE adfst
WITH ( TYPE = BLOB_STORAGE,
LOCATION = 'https://**********.blob.core.windows.net/adfst'
, CREDENTIAL= msi_cred
);
BULK INSERT [dbo].[Adventures]
FROM 'Startracker_scenarios.csv'
WITH (DATA_SOURCE = 'adfst');
If you want to use Managed Identity to access Azure Blob storage when you run BULK INSERT command. You need to enable Managed Identity for the SQL server. Otherwise, you will get the error Referenced external data source "***" not found. Besides, you also need to assign Storage Blob Data Contributor to the MSI. If you do not do that, you cannot access the CVS file storing in Azure blob
For example
Enable Managed Identity for the SQL server
Connect-AzAccount
#Enable MSI for SQL Server
Set-AzSqlServer -ResourceGroupName your-database-server-resourceGroup -ServerName your-SQL-servername -AssignIdentity
Assign role via Azure Portal
Under your storage account, navigate to Access Control (IAM), and select Add role assignment. Assign Storage Blob Data Contributor RBAC role to the server which you've registered with Azure Active Directory (AAD)
Test
a. Data
1,James,Smith,19750101
2,Meggie,Smith,19790122
3,Robert,Smith,20071101
4,Alex,Smith,20040202
b. script
CREATE TABLE CSVTest
(ID INT,
FirstName VARCHAR(40),
LastName VARCHAR(40),
BirthDate SMALLDATETIME)
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'YourStrongPassword1';
GO
--> Change to using Managed Identity instead of SAS key
CREATE DATABASE SCOPED CREDENTIAL msi_cred WITH IDENTITY = 'Managed Identity';
GO
CREATE EXTERNAL DATA SOURCE MyAzureBlobStorage
WITH ( TYPE = BLOB_STORAGE,
LOCATION = 'https://jimtestdiag417.blob.core.windows.net/test'
, CREDENTIAL= msi_cred
);
GO
BULK INSERT CSVTest
FROM 'mydata.csv'
WITH (
FIELDTERMINATOR = ',',
ROWTERMINATOR = '\n',
DATA_SOURCE = 'MyAzureBlobStorage');
GO
select * from CSVTest;
GO
I am trying to setup client_credentials grant type in identity server 4 using the entity framework project.
I am using a sample config file to populate the database: https://github.com/IdentityServer/IdentityServer4.Demo/blob/master/src/IdentityServer4Demo/Config.cs
This data is entered into the database and I attempt to connect to the token endpoint via Insomnia, here is a screenshot of my setup:
It states invalid_client but I am not sure why, I ran a SQL profile and every time I hit this endpoint its running:
exec sp_executesql N'SELECT [x.Properties].[Id], [x.Properties].[ClientId], [x.Properties].[Key], [x.Properties].[Value]
FROM [ClientProperties] AS [x.Properties]
INNER JOIN (
SELECT TOP(1) [x8].[Id]
FROM [Clients] AS [x8]
WHERE [x8].[ClientId] = #__clientId_0
ORDER BY [x8].[Id]
) AS [t7] ON [x.Properties].[ClientId] = [t7].[Id]
ORDER BY [t7].[Id]',N'#__clientId_0 nvarchar(200)',#__clientId_0=N'client'
It's trying to perform a join on the ClientProperties table, but this table is currently empty. I am not sure if this is the problem or not.
Am I doing something wrong?
When you INNER JOIN two tables, of which one is empty (as you state), the result set will always be empty so when the client can't be retrieved by client_id, you get "invalid_client".
Putting some data, linked to your client, into it should resolve the issue.
How can I have a certificate in a Visual Studio 2010 database project that will be created, updated and removed depending on changes in the project similar to the way that it handles tables, stored procedures, keys and other objects?
Below is the syntax that I am currently using, and the $(CertName).
CREATE CERTIFICATE [$(CertName)]
AUTHORIZATION [dbo]
WITH SUBJECT = N'Encrypt Data', START_DATE = N'11/26/2012 15:13:03', EXPIRY_DATE = N'11/26/2013 15:13:03'
ACTIVE FOR BEGIN_DIALOG = ON;
I have tried to check if it exists using the below if statement.
IF (select Count(*) from sys.symmetric_keys where name like '$(CertName)') = 0
BEGIN
--insert create statement
END
However using this approach I get the following errors, due to the fact that I use the certificate in the definition of the symmetric key.
SQL03006: Symmetric Key: [$(KeyName)] has an unresolved reference to Certificate [$(CertName)].
Try this:
IF EXISTS (SELECT 1 FROM sys.certificates where name = '$(CertName)')
I'm using WebSphere 7 and their JPA 2.0 implementation which is based on OpenJPA, and I have something driving me crazy. I have to connect to a SQL Server 2008 database that uses the database column encryption. The encryption is done by several database commands:
1 - OPEN SYMMETRIC KEY DECRYPTION BY CERTIFICATION
2 - Perform insert/select/update/etc using the database methods EncryptByKey or DecryptByKey
3 - CLOSE SYMMETRIC KEY
I have searched and it does not appear that OpenJPA supports this functionality. Does anybody know how to get OpenJPA to play nicely with this type of encryption? Or should I just skip JPA for this project and use good old fashioned PreparedStatements?
So yeah, it does look like doing a native query is only way to do this. So it comes out to something like this:
EntityManager em = getEntityManager();
Query openKey = em.createNativeQuery("OPEN SYMMETRIC KEY MY_KEY DECRYPTION BY CERTIFICATE MY_CERT");
openKey.executeUpdate();
Query query = em.createNativeQuery("SELECT FIRSTNAME, LASTNAME, CONVERT(varchar, DECRYPTBYKEY(SSN)) as SSN from report where record_id = ?", Report.class);
query.setParameter(1, recordId);
report = (Report) query.getSingleResult();
Query closeKey = em.createNativeQuery("CLOSE SYMMETRIC KEY MY_KEY");
closeKey.executeUpdate();