Transparent Data Encryption (TDE)

TDE was introduced in SQL Server 2008, so it has been around for a long time, and nowadays all databases on Microsoft Azure are TDE-enabled by default. It encrypts data at rest. It doesn’t encrypt the actual data but the content of the files (mdf and ldf). This is real-time encryption/decryption that happens when data is written to disk and read into memory, so it has NO impact on the size of the databases.

Setting up encryption on a database is a sequence of steps that must be executed. Let’s see what those steps are:

Step-1: Create a master key in master database

Step-2: Create a certificate in master database

Step-3: Create database level encryption key

Step-4: Enable the Encryption

You can check if your database has been encrypted by running the following query:
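The four steps and the check, written out in T-SQL as an added example (not the original post's code). The database name `SalesDemo`, the certificate name `TdeDemoCert`, the passwords and the backup paths are placeholders assumed for illustration; the certificate backup is an extra step beyond the four listed, included because an encrypted database cannot be restored on another server without it.

```sql
-- Step 1: create the database master key in master (password is a placeholder)
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
GO

-- Step 2: create the certificate in master that will protect the database encryption key
CREATE CERTIFICATE TdeDemoCert WITH SUBJECT = 'TDE demo certificate';
GO

-- Extra step (assumption, not one of the four above): back up the certificate and
-- its private key. Without them, backups of the encrypted database cannot be
-- restored or attached on another instance. Paths are placeholders.
BACKUP CERTIFICATE TdeDemoCert
    TO FILE = 'C:\Backup\TdeDemoCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\Backup\TdeDemoCert.pvk',
        ENCRYPTION BY PASSWORD = '<different-strong-password-placeholder>'
    );
GO

-- Step 3: create the database encryption key (DEK) inside the user database
USE SalesDemo;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeDemoCert;
GO

-- Step 4: enable encryption; a background scan encrypts the existing pages
ALTER DATABASE SalesDemo SET ENCRYPTION ON;
GO

-- Check: encryption_state 2 = encryption in progress, 3 = encrypted.
-- The LEFT JOIN shows which certificate protects each DEK; tempdb appears
-- with no matching certificate because its key is managed by the server.
USE master;
GO
SELECT DB_NAME(k.database_id) AS database_name,
       k.encryption_state,
       k.percent_complete,
       k.key_algorithm,
       k.key_length,
       c.name                  AS protecting_certificate
FROM sys.dm_database_encryption_keys AS k
LEFT JOIN sys.certificates AS c
       ON c.thumbprint = k.encryptor_thumbprint;
```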

As soon as you enable it, and as you might have noticed in the above screenshot, TempDB also gets encrypted automatically (if this was your first database being encrypted).
