I am trying to encrypt a SQL Server database in an Azure VM using TDE, where the EKM will use Azure Key Vault. I have been following the steps outlined in the link below.
setup steps for EKM using Azure Key Vault
I have followed all the steps exactly, including the step below where we need to provide a value for SECRET (Application ID without hyphens + Azure vault key).
USE master;
CREATE CREDENTIAL sysadmin_ekm_cred
WITH IDENTITY = 'keyvaultname',
SECRET =
'ef509ab6e52649388e65283e9378b0a171ccf2d0a8004abbbaaf93ab8f5909c0'
FOR CRYPTOGRAPHIC PROVIDER AzureKeyVault_EKM_Prov;
I get the following error when trying to run the code below:
CREATE ASYMMETRIC KEY CONTOSO_KEY
FROM PROVIDER [AzureKeyVault_EKM_Prov]
WITH PROVIDER_KEY_NAME = 'Azurevaultkeyname',
CREATION_DISPOSITION = OPEN_EXISTING;
Msg 33028, Level 16, State 1, Line 14 Cannot open session for cryptographic provider 'AzureKeyVault_EKM_Prov'. Provider error code: 3303. (Provider Error - No explanation is available, consult EKM Provider for details)
Please let me know how to fix it.
I ran into a similar issue: the provider tries to create a registry key but doesn't have permissions to do so, therefore it fails. Try the following steps, taken from this blog post:
Open regedit