  1. Transparent data encryption (TDE) with database level customer …

    Jan 12, 2024 · A database configured with database level CMK can be reverted to server level encryption if the logical server is configured with a service-managed key using Invoke-AzSqlDatabaseTransparentDataEncryptionProtectorRevert.

  2. Customer-managed transparent data encryption (TDE) - Azure SQL Database ...

    Transparent data encryption (TDE) in Azure SQL with customer-managed key (CMK) enables Bring Your Own Key (BYOK) scenario for data protection at rest, and allows organizations to implement separation of duties in the management of keys and data.

  3. Identity and key management for TDE with database level

    In this guide, we go through the steps to create, update, and retrieve an Azure SQL Database with transparent data encryption (TDE) and customer-managed keys (CMK) at the database level, utilizing a user-assigned managed identity to access Azure Key Vault. The Azure Key Vault is in a different Microsoft Entra tenant than the Azure SQL Database.

  4. TDE with database-level CMK now generally available for Azure SQL ...

    Oct 2, 2023 · You can enable a customer-managed key (CMK) to use as the TDE protector at the database-level from Azure Key Vault in a different tenant of Microsoft Entra ID (formerly Azure Active Directory) than the tenant used by the server, …

  5. TDE customer-managed keys in Azure SQL Database - SQL Shack

    Jun 24, 2021 · This article explores Transparent Data Encryption (TDE) using the customer-managed key in Azure SQL Database. Introduction. In an on-premise SQL Server instance, database administrators can enable Transparent Data Encryption (TDE) for securing the data and log files of a database.

  6. Azure SQL - Managing Server-Level Transparent Data Encryption

    Nov 9, 2024 · In Azure SQL, server-level Transparent Data Encryption (TDE) provides centralized encryption across multiple databases within a server or managed instance. By default, Azure SQL uses a Service Managed Key (SMK) for TDE, but we can also choose to deploy a Customer Managed Key (CMK) for better control.

  7. Automated key rotation for TDE BYOK is now generally available …

    Aug 24, 2022 · TDE with Customer-Managed Key (CMK) enables Bring Your Own Key (BYOK) scenario for data protection at rest, by allowing a key stored in a customer-owned and customer-managed Azure Key Vault to be used as the TDE Protector on the server or managed instance.

  8. TDE High availability with customer-managed key for Azure SQL

    Oct 16, 2022 · When using CMK to protect data at rest, customers are responsible for and in a full control of a key lifecycle management (key creation, upload, rotation, deletion), the key used for encryption of the Database Encryption Key (DEK), called TDE protector, is a customer-managed asymmetric key stored in a customer-owned and customer-managed Azure ...

  9. Azure SQL - Managing Database-Level Transparent Data Encryption

    Nov 17, 2024 · This setup enables Transparent Data Encryption (TDE) with a Customer-Managed Key (CMK) at the database level by establishing a secure connection between the Azure SQL Database, its managed identity, and Azure Key Vault.

  10. Customer-managed keys with transparent data encryption using …

    Feb 12, 2025 · For TDE with customer-managed key (CMK) in Azure SQL, a managed identity on the server is used for providing access rights to the server on the key vault. For instance, the system-assigned managed identity of the server should be provided with key vault permissions prior to enabling TDE with CMK on the server.
