Microsoft has
announced that the SQL Server Connector for Azure Key Vault is now generally available. Since you can use your own encryption keys for SQL Server encryption and protect them in the Azure Key Vault,
SQL Server is enabled to use Azure Key Vault as a place to protect and manage SQL encryption keys.
The SQL Server Connector is an Extensible Key Management (EKM) Provider. It is Azure Key Vault, which allows you to have a separate central cloud-based key management system, the option to use hardware security modules (HSMs) and promotion of separation of duties by being able to separate key management from data management for additional security. For Transparent Data Encryption (TDE), Column Level Encryption (CLE), and Backup Encryption, SQL Server Connector is available.
You can protect the DEK with an asymmetric key that is stored in Azure Key Vault with Azure Key Vault integration for SQL Server through the SQL Server Connector, which entices you to have control over the key management and have it in a separate key management service outside SQL Server.
For people who want to leverage Azure Key Vault for managing their encryption keys, The SQL Server Connector is especially useful for those using SQL Server-in-a-VM (IaaS) as SQL IaaS is the simplest way to deploy and run SQL Server and it is optimized for extending existing on-premises SQL Server Applications to the cloud in a hybrid IaaS scenario or supporting a migration scenario.
One way of how an organization can use the SQL Server Connector is illustrated in the image, shown below:
Image Source: https://blogs.msdn.microsoft.com/
For production workloads, only Version 1.0.1.0 is generally available and supported. The older versions like 1.0.0.440 and older have taken back seat viz-a-viz, they are replaced and will not be supported under GA.