SQL Server encryption

Applies to: SQL Server Azure SQL Database Azure SQL Managed Instance

Encryption is the process of obfuscating data by the use of a key or password. This process can make the data useless without the corresponding decryption key or password. Encryption doesn't solve access control problems. However, it enhances security by limiting data loss even if access controls are bypassed. For example, if the database host computer is misconfigured and a hacker obtains sensitive data, that stolen information might be useless if it's encrypted.

Although encryption is a valuable tool to help ensure security, it shouldn't be considered for all data or connections. When you're deciding whether to implement encryption, consider how users access data. If users access data over a public network, data encryption might be required to increase security. However, if all access involves a secure intranet configuration, encryption might not be required. Any use of encryption should also include a maintenance strategy for passwords, keys, and certificates.

Note

The latest information about Transport Level Security (TLS 1.2) is available at TLS 1.2 support for Microsoft SQL Server. For more information about TLS 1.3, see TLS 1.3 support.

In this section

You can use encryption in SQL Server for connections, data, and stored procedures. The following articles contain more information about encryption in SQL Server.