Connecting to SQL Server

This section describes connection configuration details for DataVeil license type SQL Server.

This is intended for connections to on-premise SQL Server instances and to Azure SQL MI (Managed Instance).

If connecting to an Azure SQL DB (Managed Database) then please refer to Connecting to Azure SQL DB instead.

DataVeil uses JDBC for connectivity.


Please check with your DBA to ensure that the user that you login with has the required access and permissions. In order to Run DataVeil masking projects, the User should have broad DBA-level permissions. DataVeil needs to alter, create and drop tables, indexes, triggers and constraints.

The TCP/IP protocol must be enabled on SQL Server

If you experience connection difficulties then please refer to the SQL Server connection troubleshooting guide.

Database Type

This must be SQL Server for correct operation. This value is set when the Connection definition is created. After it has been created the value cannot be changed directly. This is why the field is disabled.

If there is a reason why this value must be changed, such as because the Connection definition was created using the wrong value by mistake, then the Migrate Masks function can be used to move to a new Connection definition.

Database Name

The name of the SQL Server or Azure SQL MI database.



Windows authentication shall be used. Also known as Integrated authentication.

SQL Server

Authentication shall take place at SQL Server using the specified username and password.

Azure Active Directory - Integrated

Authentication shall be performed by Azure Active Directory using integrated authentication.

Azure Active Directory - Password

Authentication shall be performed by Azure Active Directory using the specified Username and Password.

Azure Active Directory - Interactive MFA

Authentication shall be performed by Azure Active Directory multi-factor authentication using the specified Username.

Hostname or IP

This can be a server name, an IP address or blank.

If the database is on the same computer where DataVeil is running then this field can be left blank.


This is the SQL Server instance to which you wish to connect. If a default instance has been configured then this field can be left blank.


The TCP port where the connection shall be attempted. If left blank then the SQL Server default port shall be attempted.

If connecting to the public endpoint of an Azure SQL Managed Instance then this field should be set to 3342.


If selected then the server's TLS/SSL certificate will not be validated during connection establishment. It is common in test environments for servers to have self-signed certificates that would fail certificate validation and therefore this setting should be selected for such closed and trusted environments.

For secure connections to servers that have a certificate signed by a recognized authority this setting should be deselected ("untrusted") so that the certificate is validated to ensure that connection is being established to the intended server. 

Use JDBC Connection String

When this option is selected DataVeil shall use the user-specified JDBC connection string to establish connections instead of using the other connection parameters on the form.

The only exceptions are the Username and Password fields. Although it is possible to specify username and password details in a JDBC connection string it is strongly recommended that you do not include these in the JDBC string. This is because they will be exposed as plain text and that presents a security risk. Instead, the username and password details should be specified in the corresponding Username and Password fields and omitted from the JDBC string. DataVeil manages the Password field securely and encrypts it whenever saved to a project file.


Other execution parameters that apply to this connection, such as masking batch sizes and the maximum number of parallel JDBC connections (threads), can be specified in Execution Settings.