We are looking into using MSSQL as backend storage. One of our discussions is about encryption due to the sensitive nature of the stored secrets.
From what I can read there is no alternative to encrypt the actual network traffic between Vault and a MSSQL cluster. I know that the Vault secret is encrypted but still can’t find a way to enable encryption for all the traffic.
My main worry is that the MSSQL credentials is sent in cleartext during some stage of the connection between Vault and the MSSQL cluster and also that there could be a way to alter the information being sent.
Can anyone shed some light on this?