Following on from my previous post I’ve created a procedure to read encrypted data using the same principles: Executing the procedure in the context of a least privilege user and elevating the permissions using code signing as follows.
create procedure sales_api.usp_getCCTrans with execute as ‘lpu_code_context’ as begin begin try [...]