Vault
Upgrade the Vault EKM provider
Note: The upgrade process will put the database into maintenance mode and require a restart. It is highly recommended to test this procedure in a staging environment prior to running it on a production database.
Disable the Vault EKM Provider, and verify it is marked disabled:
ALTER CRYPTOGRAPHIC PROVIDER TransitVaultProvider DISABLE; SELECT * FROM sys.cryptographic_providers;
Install the latest version from releases.hashicorp.com, following the instructions in the installer.
- If you get a "Files in Use" prompt while running the installer, select "Do not close applications. A reboot will be required", and restart after the installation has completed.
Reload the provider DLL:
ALTER CRYPTOGRAPHIC PROVIDER TransitVaultProvider FROM FILE = 'C:\Program Files\HashiCorp\Transit Vault EKM Provider\TransitVaultEKM.dll';
Now re-enable the Vault EKM Provider and verify it is both marked enabled and the version reported matches the version of the installer:
ALTER CRYPTOGRAPHIC PROVIDER TransitVaultProvider ENABLE; SELECT * FROM sys.cryptographic_providers;
Finally, restart Microsoft SQL Server.