September 9, 2024 at 2:02 pm
I am studying for the Azure Data Engineer certification and the material covers Purview linage scanning of SQL Server databases. It says there must be a master key setup in the database for lineage to be produced, but I cannot find anything that explains why.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
September 9, 2024 at 7:24 pm
Quick google brought me this:
The master key is used to encrypt and decrypt sensitive data, such as credentials, that are stored in the database. If the master key is missing or corrupted, it can cause issues with lineage extraction.
(link)
So, my understanding is that SOME of the data used for lineage extraction is considered sensitive data, hence you need the master key. Mind you, if I was pushing any data offsite (Azure for example), I'd want to make certain that it is encrypted in some form. Just like I wouldn't want to use a bank website that is only listening on HTTP traffic and not HTTPS.
The above is all just my opinion on what you should do.
As with all advice you find on a random internet forum - you shouldn't blindly follow it. Always test on a test server to see if there is negative side effects before making changes to live!
I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.
September 10, 2024 at 4:13 am
I appreciate you looking into it. I was aware of the master key's role in terms of encrypting database-resident objects like credentials. Does the master key play a role in encrypting client communications? I didn't think it played a role there.
Purview retrieves lineage based on the SQL Server-tracked dependencies which is something that is not necessarily sensitive, as far as I know. You need a certain level of permissions to inspect dependencies, however it's still not clear why the master key is needed for any of the extraction steps.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
September 10, 2024 at 6:47 am
Copilot came up with:
You
Sent by you:
With Purview linage scanning, why must there be a master key setup in the database?
Copilot
Sent by Copilot:
Setting up a master key in the database is crucial for Microsoft Purview lineage scanning because it ensures secure access to the database’s metadata. Here are the main reasons:
Encryption: The master key is used to encrypt sensitive data within the database, such as credentials and connection strings. This ensures that any data Purview accesses or extracts is securely handled1.
Authentication: It allows Purview to authenticate securely with the database. By using the master key, Purview can establish a trusted connection, ensuring that the data lineage information it gathers is accurate and secure1.
Compliance: Many organizations have strict compliance requirements regarding data access and security. Using a master key helps meet these requirements by ensuring that all data interactions are encrypted and secure1.
Would you like to know more about how to set up the master key or any other aspect of Purview?
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply