There is also a REST API command to delete the key if you need to, as you can see in the links above. However, after adding the source key as non-TDE Protector, you will be able to successfully perform the restore from the source backup into the target server/instance.Īlthough you can’t see the keys that are not the TDE Protector in the Portal, you can list them using REST API: This is because the TDE Protector key wasn’t changed and It’s shown by default in the Portal. However, if you refresh the page, It will show again the TDE Protector key:.After the operation completes, you will see the key you selected in ‘Key’, but with the ‘Make the selected key the default TDE protector’ unchecked:.Note: They key was changed from thlemes-sqldb-k to thlemes-key2 By unchecking the key as TDE Protector, you will add the key to the server/instance without changing the encryption key of Its databases: Uncheck the “Make the selected key the default TDE protector” and save.On the “Transparent data encryption” blade of the target server/instance, click on “change key” and select the key with which the source backup was encrypted:.If necessary, restore the TDE customer-managed key that was used to encrypt the database you will restore into the Azure Key Vault (AKV) you intend to use.
:max_bytes(150000):strip_icc()/002_encrypt-iphone-5193023-4f9ecdcaa6af487e80c8347d9b7a263d.jpg "reset encrypted data")
If you need to restore a database that was encrypted with a TDE (transparent data encryption) customer-managed key into a server that is encrypted with a different key, you can follow the steps below:
0 kommentar(er)
