Transparent Data Encryption (TDE)

TDE was introduced in SQL Server 2008, so it has been around for a long time, and nowadays all databases on Microsoft Azure are TDE-enabled by default. It encrypts data at rest. It doesn’t encrypt the actual data but the content of the files (mdf and ldf). This is a kind of real-time encryption/decryption that happens when data is written to the disk and read into memory, so it has NO impact on the size of the databases.

Setting up encryption on a database is a sequence of steps that need to be executed. Let’s see what those steps are:

Step-1: Create a master key in the master database

Step-2: Create a certificate in the master database

Step-3: Create a database-level encryption key

Step-4: Enable the encryption

You can check if your database has been encrypted by running the following query

As soon as you enable it, and as you might have noticed in the above screenshot too, TempDB also gets encrypted automatically (if this was your first database being encrypted).
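The four steps and the status check, written out as T-SQL. This is an added example, not the original post's code; the database name SalesDemo, the certificate name TdeDemoCert, the backup paths and the password placeholders are assumptions. It also backs up the certificate, which the steps above do not list, because an encrypted database cannot be restored on another server without it.

```sql
-- Step 1: create a master key in the master database
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password-placeholder>';
GO

-- Step 2: create a certificate in the master database
CREATE CERTIFICATE TdeDemoCert                 -- hypothetical name
    WITH SUBJECT = 'TDE certificate for SalesDemo';
GO

-- Added precaution (not one of the four steps): back up the certificate
-- and its private key, and store the files away from the database backups.
BACKUP CERTIFICATE TdeDemoCert
    TO FILE = 'C:\SecureBackup\TdeDemoCert.cer'          -- placeholder path
    WITH PRIVATE KEY (
        FILE = 'C:\SecureBackup\TdeDemoCert.pvk',        -- placeholder path
        ENCRYPTION BY PASSWORD = '<private-key-password-placeholder>'
    );
GO

-- Step 3: create the database-level encryption key,
-- protected by the certificate from step 2
USE SalesDemo;                                 -- hypothetical database
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeDemoCert;
GO

-- Step 4: enable the encryption
ALTER DATABASE SalesDemo SET ENCRYPTION ON;
GO

-- Check: encryption_state 2 = encryption in progress, 3 = encrypted.
-- tempdb appears in this list once the first database is encrypted.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       percent_complete,
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys;
```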
