New Azure SQL databases will be encrypted at rest by default

As mentioned here.
I suspect this raises an interesting question: who is responsible for the TDE keys, especially when it comes to long-term backup retention, as Microsoft automatically rotates these certificates at least every 90 days and I suspect the underlying server will change at some stage?
According to this it shouldn’t be an issue.
“10. Q: I have TDE enabled for my database. Can I use TDE with the vault?

A. Yes, TDE is supported. You can restore the database from the vault even if the original database no longer exists.”


Those are some great questions, Kev. I suspect the answer is 42.

Keep up the good blog posts. Learnt something new today.

