When I follow instructions for setting JDBC to access Azure SQL Database with some columns protected by Always Encrypted, I run into an issue where my guess is that not all the necessary Java code is available to the driver. It will probably quickly become obvious that I'm relatively inexperienced in the Java environment, so I may not be using terms quite right.
MS instructions for JDBC setup: Use Always Encrypted with the JDBC driver - JDBC Driver for SQL Server | Microsoft Learn
MSSQL JDBC Keyvaults with Always Encrypted: Key Vault authentication with Managed Identities · microsoft/mssql-jdbc Wiki · GitHub
Here's what I'm doing:
- Create a new Data Source using Azure SQL Server as the Driver -- jumping to the driver shows the following versions: SQL Server ver 12.2.0, MSAL4J ver 1.13.7
- Set server host, User, and Database values -- I am using Azure Active Directory interactive authentication
- Note that connecting at this point jumps to a browser for authenticating, and I can successfully get into the database with the driver connection properties for Always Encrypted turned off -- this means I see the cyphertext of encrypted columns, but demonstrates I have connectivity.
- Now we start altering the data source properties to enable Always Encrypted:
- Under Advanced tab, set the following: columnEncryptionSetting = Enabled, keyStorePrincipalId = <client ID -- known working>, keyStoreSecret = <client key -- known working> -- the best reference is the git link I provided, showing how to configure specifically for what I'm trying to do as of driver version 8.3 -- I see there are still fields in the DataGrip UI which this article calls deprecated -- I've tried both ways, and run into the same issue below...
- In the Advanced tab, the keyStoreAuthentication field only allows "JavaKeyStorePassword" but we need a different value -- jump back to the General tab, and add the following to the end of the url: "keyStoreAuthentication=KeyVaultClientSecret" -- note that not all values are allowed -- there is something verifying this value and "KeyVaultClientSecret" is an allowed value, and even shows back on the field in the Advanced tab. Odd.
- Click OK to save changes, open a new console, execute a select statement -- get error "Driver class 'com.azure.core.credential.TokenCredential' not found" with an option to Change driver class
- I have tried to get the jars for Azure Core SDK for Java, and dropped the jar next to the other driver files and in the Driver page added a custom JAR. This actually got the error message to change, but I seemingly started running into dependencies of Azure SDK being missing, so I started retrieving those jars and adding them, but was only able to get past about 5 missing classes before not knowing where to retrieve the missing classes.
It feels safe to say that in general the default Azure SQL Database driver I've downloaded automatically from DataGrip is incomplete for this attempted usage. Has anyone else been able to get past this? At this point, I'm kind of over my head, and wondering if anyone else has any suggestions on how to proceed?
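One way to check which JARs in a driver folder actually contain the class named in the error above, added here as an example and not part of the original post. It assumes all driver JARs sit in one directory; the JAR file names in the demo are constructed, and the list of required classes holds only the one class the post reports as missing.

```python
import tempfile
import zipfile
from pathlib import Path

# Class named in the error message on this page; extend the list as new
# "class not found" errors appear.
REQUIRED = ["com.azure.core.credential.TokenCredential"]

def class_entry(class_name):
    """Map a fully qualified class name to its path inside a JAR."""
    return class_name.replace(".", "/") + ".class"

def locate_classes(jar_dir, class_names):
    """Return {class_name: [jar file names that contain it]} for jar_dir."""
    found = {name: [] for name in class_names}
    for jar in sorted(Path(jar_dir).glob("*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                entries = set(zf.namelist())
        except zipfile.BadZipFile:
            continue  # truncated or non-JAR download; skip it
        for name in class_names:
            if class_entry(name) in entries:
                found[name].append(jar.name)
    return found

def demo():
    """Run the check on constructed JARs (empty class files, made-up names)."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in for a driver folder holding only the JDBC driver.
        with zipfile.ZipFile(Path(d, "driver-only.jar"), "w") as zf:
            zf.writestr("com/microsoft/sqlserver/jdbc/SQLServerDriver.class", b"")
        before = locate_classes(d, REQUIRED)
        # Constructed stand-in for a JAR that supplies the missing class.
        with zipfile.ZipFile(Path(d, "azure-core-sample.jar"), "w") as zf:
            zf.writestr(class_entry(REQUIRED[0]), b"")
        Path(d, "broken.jar").write_bytes(b"not a zip")  # corrupt download
        after = locate_classes(d, REQUIRED)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

A class that maps to an empty list is not on the driver's classpath; a class that maps to more than one JAR points at duplicate or conflicting versions.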