There is no need to worry: the key has only one signature and the database is not lost.
Set old version of Key as SQL TDE protector is not working
Hello,
I am currently testing TDE with BYOK.
During testing I deleted my key that was used as TDE protector for my test sql database server.
As expected, the database wasn't reachable anymore.
Now I set a completely new key as TDE protector.
As expected, the server still had trouble reaching keyVault.
Now I restored the deleted key and created a new version of it.
Via Azure Portal I selected the keyvault, the correct key and the old version of the key which was used earlier as TDE protector.
When clicking validate Key, the sql server automatically grabs the latest version of the key instead of the selected version.
Same when trying via Azure CLI.
Due to that, the database cannot recover.
Is that a bug or intended feature? I wasn't able to find anything in the documentation.
2 answers
GeethaThatipatri-MSFT 27,717 Reputation points Microsoft Employee
2021-11-23T21:58:24.26+00:00
@Jonathan Friedrich "Disable" the current version, re-try selecting the older version of the key, and see if that resolves your issue.
To disable a Key version you just have to select the key and right-click the version to disable.
Also, find this useful document on the TDE protector.
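
The steps suggested in the answer above, written as Azure CLI helpers, with a check that the server ended up on the selected key version rather than the latest one. This is an added example, not code from the thread or from Microsoft. The function names and the key identifiers in the usage comment are placeholders, and it assumes a logged-in `az` and a server identity that can access the vault.

```shell
#!/bin/sh
# Added example: helper names and all identifiers are placeholders, not values from the thread.

# Disable one key version (the newer version the server keeps selecting).
disable_key_version() {  # arg: full versioned key identifier
  az keyvault key set-attributes --id "$1" --enabled false
}

# Register a versioned key with the server and make it the TDE protector.
set_tde_protector() {  # args: resource-group server versioned-key-id
  az sql server key create --resource-group "$1" --server "$2" --kid "$3"
  az sql server tde-key set --resource-group "$1" --server "$2" \
    --server-key-type AzureKeyVault --kid "$3"
}

# Succeeds only if the server's current protector references the given key
# version, so a silent switch to the latest version is caught.
protector_is() {  # args: resource-group server versioned-key-id
  az sql server tde-key show --resource-group "$1" --server "$2" | grep -qF -- "$3"
}

# Usage (placeholders):
#   NEW_KID="https://<vault>.vault.azure.net/keys/<key>/<new-version>"
#   OLD_KID="https://<vault>.vault.azure.net/keys/<key>/<old-version>"
#   disable_key_version "$NEW_KID"
#   set_tde_protector "<resource-group>" "<server>" "$OLD_KID"
#   protector_is "<resource-group>" "<server>" "$OLD_KID" || echo "server is not using the old version"
```
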