Create a view to view encrypted columns from a table

  • Hello All,

    I have a table that has 5 encrypted columns. I'm using Symmetric Key for the encryption. Usually when I run the query I Open the Symmetric Key and then run my select statement. How do I achieve this using Views?

    Below is the sample select code:

    use TestDB

    SELECT TOP 1000
         , CONVERT(char,DECRYPTBYKEY([enc_Name1])) 'DecryptedName1'
    FROM [TestDB].[dbo].[Order_Det]


  SSRS Newbie - Friday, March 17, 2017 2:12 PM

    DECRYPTBYKEY is a scalar function. Drop all of the decryption code into a UDF and reference it in your view.

  • Seems a bit crazy to do it in a view because then you have to protect the view and all that goes with it.

  • Jeff,
    Can you suggest an alternative to views? Need help with this.


  • You'd have to revoke privs to use the view from everyone except the group of people that are authorized to view the decrypted data.  Keep in mind that (IIRC) that won't keep people with sysadmin privs from viewing the decrypted data. That brings on the larger subject of "Is your system actually secure"?  For example, do you have ANY applications or non-DBA users that have sysadmin or DBO privs (just to start) and do you have things like password complexity enforcement at the Windows and SQL Server levels?

  • You still need the key open, so anyone that can't open the key will get NULLs in the view.

  • I do not have any applications or non-DBA users that have sysadmin or DBO privs. How can we perform CRUD operations on the encrypted table? Once I get the view working for reading the encrypted records, I plan to use it for update, delete and insert. Any suggestions to perform CRUD operation on encrypted table are welcome? Thanks for responding

  • What's the purpose of the view? In other words, what are you trying to accomplish?

    If you use decryptbykey() in the view, you can't insert data into that field. It's the result of a function. Inserts/updates/deletes against a view only work on one table, but the columns are needed in the view, which means you'd need:

    create view myview
    , decrypteddata = decryptbykey(myencyryptedcolumn)
    , myencryptedcolumn
    from mytable

  • Steve,
    The idea behind creating a view is to allow programmers to perform CRUD operations using views. My table has firstname, lastname and e_firstname, e_lastname columns (encrypted columns using orginal firstname, lastname columns) Can you suggest any other alternative? 


  • Use two views. One for CRUD, one for display that decrypts data.

