question

pallab avatar image
0 Votes"
pallab asked AnuragSharma-MSFT answered

SQL Customer Managed Key TDE Query

I would like to know what happens to my historical data which were encrypted using Microsoft Managed Key, once i enable TDE with CMK. Does CMK re encrypt all my old data with CMK, or my old data before CMK was made active still uses the Microsoft Managed key?
Looking forward to a quick reply.

azure-sql-databaseazure-key-vault
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

AnuragSharma-MSFT avatar image
0 Votes"
AnuragSharma-MSFT answered

Hi @pallab, welcome to Microsoft Q&A forum.

As per the article, "For those using service-managed TDE who would like to start using customer-managed TDE, data remains encrypted during the process of switching over, and there is no downtime nor re-encryption of the database files. Switching from a service-managed key to a customer-managed key only requires re-encryption of the DEK, which is a fast and online operation."

I would suggest you to go through the article and it has a great insight on many related topics.

Please let us know if this helps.


If answer helps, please mark it 'Accept Answer'




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.