stackoom
  简体   繁体   中英

Azure DevOps CI/CD Pipelines for the Azure SQL Always Encrypted database Issues

 原文  2021-11-29 11:27:13       azure/ azure-devops/ azure-sql-database/ azure-keyvault/ dacpac

Question

During the Setup of the Azure DevOps CI/CD Pipelines for the Azure SQL Always Encrypted database,

  1. Example:- Table1 consists of the 5 columns, out of the 5 column's Column1 and Column2 were encrypted
  2. Always Enabled setting in Connection string
  3. Dacpac file successfully created without any issues and able to view the Table1
  4. Observed the issue with while inserting data in to Table1 by using transaction data
  5. Error Message: Encryption scheme mismatch for columns/variables
  6. Same code is working fine if execute this dacpac file manually in SSMS studio
  7. Displaying error if use execute the dapac through SSDT or CI/CD Pipelines

Please let me know your thoughts about this issue?

1 answers

solution1
 0  2021-11-30 11:13:26

Usually CI/CD pipeline with Dacpac working together is complex with Always encrypted enabled.Please check if the below points can narrow down the issue.

  • Usually the certificate for the Column Master Key is stored in the client machine, not on the SQL server machine. If that is the case, you are not able to insert data into the table with an Always Encrypted column,Do the Master Key configuration.

(Hope you already knew but just for your info mismatch error in ssms can be solved this way )

According to permissions-for-publishing-a-dac-package-if-always-encrypted

To publish DAC package if Always Encrypted is set up in the DACPAC or/and in the target database, you might need some or all of the below permissions, depending on the differences between the schema in the DACPAC and the target database schema.

ALTER ANY COLUMN MASTER KEY, ALTER ANY COLUMN ENCRYPTION KEY, VIEW ANY COLUMN MASTER KEY DEFINITION, VIEW ANY COLUMN ENCRYPTION KEY DEFINITION

  • Also note that Azure SQL is a PaaS Service which means it receives update transparently and relatively often with a new compatibility level. Try updating SSDT version. Always Encrypted is supported in all editions of SQL Server Database V12.

  • Always Encrypted uses two types of cryptographic keys: column encryption keys (CEKs) and column master keys (CMKs). see developing databases using always encrypted

  • Please do variable declaration and value assignment are performed on the same line.

    Example:

    DECLARE @OPERATION_ID int = 4

    DECLARE @PARAMETER_NAME varchar(100) = 'xyz'

Try to store the value to be inserted in a variable or result and store in the application and then insert the data from the result set into SQL Server.

Also see

  1. azure-encryption-server-side-client-side-azure-key-vault
  2. create-and-store-column-master-keys-always-encrypted
  3. ci-with-a-sql-always-encrypted-column

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to use Azure SQL Always Encrypted in Azure DevOps CI/CD pipeline Automated Deployment of ADF Pipelines using Azure DevOps CI/CD Pipelines azure DevOps pipeline CI/CD Azure Devops Services - CI/CD Simple Azure Databricks CI/CD in Azure Devops Azure DevOps CI/CD Deploy Web or Function App changing the values in appsettings in YAML Pipelines Azure Devops Deployment using ci cd Integrate CI and CD together Azure Devops Azure DevOps CI/CD for On prem and Cloud Application Azure DevOps Repo to Azure Static HTML CI/CD Pipeline
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM