Set up Transparent Data Encryption
Ensure that no other user is running any Process Runner product until the TDE implementation process is completed.
To enable Transparent Data Encryption (TDE) for SQL Database,
- Open SQL Server Management Studio and connect to your SQL Server instance.
- Right-click your server instance in Object Explorer, and then select New Query.
- In the query window, perform the following:
- To create the master key with the password provided, enter the following query:
USE master
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<YOURPASSWORD>’
- To create the certificate protected by master key, enter the following query:
- To create the database encryption key, enter the following query:
- To enable encryption for the database that you want to encrypt, enter the following query:
- To back up the certificate or key, enter the following query:
USE master
CREATE CERTIFICATE <CertificateName> WITH SUBJECT = 'SQL Server TDE Certificate', EXPIRY_DATE = '<DATE>'
Note: Date format should be in YYYYMMDD format.
USE [Database Name]
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256 ENCRYPTION BY SERVER CERTIFICATE <Certificate Name>
ALTER DATABASE [Database Name] SET ENCRYPTION ON;
USE Master
BACKUP CERTIFICATE <Certificate Name> TO FILE = 'E:\TDE1\Sample.cert' WITH PRIVATE KEY ( FILE = 'E:\TDE1\sample.key', ENCRYPTION BY PASSWORD = 'Password')
- To create the master key with the password provided, enter the following query:
- To run on the server where the database must be restored, perform the following:
- Create the same master key that is created on SQL Server using the following query:
- Copy the certificate from the backup server using the following query:
Use master CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'same password’
USE [Database Name]
CREATE CERTIFICATE <CertificateName> FROM FILE ='Path\CertificateName.cert' WITH PRIVATE KEY (FILE ='Path\CertificateName.key', DECRYPTION BY PASSWORD = 'YourPassword');