Hello. Does anybody have experience with Mssql always encrypted feature and how does it work with Exposed? I have following table

object Person : Table("persons") {
    val id: Column<Long> = long("id")

    val surname: Column<String?> = varchar("surname", 255).nullable()
}

And insert is failing with

com.microsoft.sqlserver.jdbc.SQLServerException: Operand type clash: varchar(9) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'MY_KEY_CEK', column_encryption_key_database_name = 'my-db') collation_name = 'Latin1_General_100_CI_AS_SC_UTF8' is incompatible with varchar(255) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'MY_KEY_CEK', column_encryption_key_database_name = 'my-db')

Table definition

CREATE TABLE [dbo].[persons](
	[id] [bigint] NOT NULL,
	[surname] [varchar](255) COLLATE Latin1_General_100_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [MY_KEY_CEK], ENCRYPTION_TYPE = Deterministic, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL,
)

Hi @Filip Lastic I don't have much experience with this feature, but I can try to troubleshoot it with you. I initially thought that maybe the inserted values were not being encrypted, but it seems more like a data type mismatch when setting the statement parameters. Which is odd because your table definition should ensure that the parameter is set as

VARCHAR(255)

if Exposed's

insert()

is used. Could you confirm how the insert operation is being performed? Is it just a simple:

Person.insert {
    it[id] = 1
    it[surname] = "Surname"
}

If so, could you confirm that the generated SQL should work at a lower level, for example using either

exec()

or the JDBC connection directly. For example:

exec(
    "INSERT INTO persons (id, surname) VALUES (?, ?)",
    args = listOf(
        LongColumnType() to 1,
        VarCharColumnType(255) to "Surname"
    )
)

// OR

val cx = (connection.connection as java.sql.Connection)
val stmt = cx.prepareStatement("INSERT INTO persons (id, surname) VALUES (?, ?)")
stmt.setObject(1, 1, java.sql.Types.BIGINT)
stmt.setObject(2, "Surname", java.sql.Types.VARCHAR, 255)
stmt.executeUpdate()

Do either of those methods succeed? I'm trying to understand what the insert should look like without using Exposed, because I'm seeing different ways, like using a plain

INSERT

(example) or using

DECLARE

with parameters (example).

Hello. Thank you for help! @Chantal Loncle (I'm using Slovak diacritics) 1. insert using Exposed DTO

Person.insert {
        it[id] = 1
        it[surname] = "ľščťžýáíé"
    }

2025-02-03 16:39:25.666 DEBUG [,,,] --- [main] Exposed INSERT INTO persons (id, surname) VALUES (1, 'ľščťžýáíé')
2025-02-03 16:39:25.666 WARN  [,,,] --- [main] Exposed Transaction attempt #0 failed: com.microsoft.sqlserver.jdbc.SQLServerException: Operand type clash: varchar(9) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'ABIS_DEV_CEK', column_encryption_key_database_name = 'abis') collation_name = 'Latin1_General_100_CI_AS_SC_UTF8' is incompatible with varchar(255) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'ABIS_DEV_CEK', column_encryption_key_database_name = 'abis') collation_name = 'Latin1_General_100_BIN2'. Statement(s): INSERT INTO persons (id, surname) VALUES (?, ?)
org.jetbrains.exposed.exceptions.ExposedSQLException: com.microsoft.sqlserver.jdbc.SQLServerException: Operand type clash: varchar(9) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'ABIS_DEV_CEK', column_encryption_key_database_name = 'abis') collation_name = 'Latin1_General_100_CI_AS_SC_UTF8' is incompatible with varchar(255) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'ABIS_DEV_CEK', column_encryption_key_database_name = 'abis') collation_name = 'Latin1_General_100_BIN2'
	at org.jetbrains.exposed.sql.statements.Statement.executeIn$exposed_core(Statement.kt:99)

2. insert using exec()

exec(
        "INSERT INTO persons (id, surname) VALUES (?, ?)",
        args = listOf(
            LongColumnType() to 1,
            VarCharColumnType(255) to "ľščťžýáíé"
        )
    )

Throws the same error

3. insert using

prepareStatement

val cx = (connection.connection as java.sql.Connection)
    val stmt = cx.prepareStatement("INSERT INTO persons (id, surname) VALUES (?, ?)")
    stmt.setObject(1, 1, java.sql.Types.BIGINT)
    stmt.setObject(2, "ľščťžýáíé", java.sql.Types.VARCHAR, 255)
    stmt.executeUpdate()

Throws the same error

I think it has something with this documentation https://learn.microsoft.com/en-us/sql/connect/jdbc/using-always-encrypted-with-the-jdbc-driver?view=sql-server-ver16#errors-due-to-[…]crypted-values but I'm struggling a bit how to solve the issue Only example when it works is when I changed column type to

NVARCHAR(MAX)

and used following code (I didn't find NVarcharColumnType())

[surname] [nvarchar](max) COLLATE Latin1_General_100_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [ABIS_DEV_CEK], ENCRYPTION_TYPE = Deterministic, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL,

    val cx = (connection.connection as java.sql.Connection)
    val stmt = cx.prepareStatement("INSERT INTO persons (id, surname) VALUES (?, ?)")
    stmt.setObject(1, 1, java.sql.Types.BIGINT)
    stmt.setObject(2, "ľščťžýáíé", java.sql.Types.NVARCHAR)
    stmt.executeUpdate()