Transparent Data Encryptions - Get

Gets a logical database's transparent data encryption.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/transparentDataEncryption/current?api-version=2021-02-01-preview

URI Parameters

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| databaseName | path | True | string | The name of the logical database for which the transparent data encryption is defined. |
| resourceGroupName | path | True | string | The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal. |
| serverName | path | True | string | The name of the server. |
| subscriptionId | path | True | string | The subscription ID that identifies an Azure subscription. |
| tdeName | path | True | | The name of the transparent data encryption configuration. |
| api-version | query | True | string | The API version to use for the request. |

Responses

Name Type Description
200 OK

Successfully retrieved the Logical database transparent data encryption.

Other Status Codes

Error Responses:

  • 400 SecurityAdalPrincipalCertExpiredError - The operation could not be completed because the Azure Key Vault principal certificate has expired.

  • 400 SecurityInvalidAzureKeyVaultRecoveryLevel - The provided Key Vault URI is not valid.

  • 400 KeyMaterialNotFoundOnRemoteServer - Remote server does not have access to key material used as a TDE protector.

  • 400 AzureKeyVaultMismatchError - Unexpected Key Vault region found in the http response.

  • 400 AzureKeyVaultRsaKeyNotSupported - The provided key vault uses unsupported RSA Key Size or Key Type. The supported RSA key size is 2048 or 3072 and Key Type is RSA or RSA-HSM.

  • 400 AzureKeyVaultKeyDisabled - The operation could not be completed on the server because the Azure Key Vault key is disabled.

  • 400 AzureKeyVaultInvalidExpirationDate - The operation could not be completed because the Azure Key Vault key expiration date is invalid.

  • 400 SecurityAzureKeyVaultUrlNullOrEmpty - The operation could not be completed because the Azure Key Vault URI is null or empty.

  • 400 AzureKeyVaultNoServerIdentity - The server identity is not correctly configured.

  • 400 AzureKeyVaultInvalidUri - An invalid response from Azure Key Vault. Please use a valid Azure Key Vault URI.

  • 400 AzureKeyVaultMissingPermissions - The server is missing required permissions on the Azure Key Vault.

  • 400 SecurityAzureKeyVaultInvalidKeyName - The operation could not be completed because of an invalid Server Key name.

  • 400 AdalGenericError - The operation could not be completed because an Azure Active Directory error was encountered.

  • 400 AdalServicePrincipalNotFound - The operation could not be completed because an Azure Active Directory library Service Principal not found error was encountered.

  • 400 AzureKeyVaultMalformedVaultUri - The provided Key Vault URI is not valid.

  • 400 SecurityAzureKeyVaultGeoChainError - Creating secondary of secondary (a process known as chaining) is not supported when enabling Transparent Data Encryption using Azure Key Vault (BYOK).

  • 400 ReadOnly - Cannot enable or modify database encryption on a database that is read-only, has read-only files or is not recovered.

  • 400 CanNotDropAlterOnMirror - Please modify Transparent Data Encryption on the primary databases.

  • 401 CanNotChangeReadOnlyDuringTdeScan - Cannot modify filegroup read-only/read-write state while an encryption transition is in progress.

  • 409 ServerKeyNameAlreadyExists - The server key already exists on the server.

  • 409 ServerKeyUriAlreadyExists - The server key URI already exists on the server.

  • 409 ServerKeyDoesNotExists - The server key does not exist.

  • 409 AzureKeyVaultKeyNameNotFound - The operation could not be completed because the Azure Key Vault Key name does not exist.

  • 409 AzureKeyVaultKeyInUse - The key is currently being used by the server.

  • 409 NeedsLogBackup - Please wait several minutes for a log backup to occur.

  • 409 EncryptionInProgress - Cannot modify encryption while an encryption scan is in progress.

  • 409 KeyChangeInProgress - Cannot change database encryption key while an encryption, decryption, or key change scan is in progress.

  • 409 NoBulkOperationLock - CREATE/ALTER/DROP DATABASE ENCRYPTION KEY failed because a lock could not be placed on database. Try again later.

  • 409 AltStateConflict - The operation cannot be performed on database because it is involved in a database mirroring session or an availability group. Some operations are not allowed on a database that is participating in a database mirroring session or in an availability group.

  • 503 AzureKeyVaultConnectionFailed - The operation could not be completed on the server because attempts to connect to Azure Key Vault have failed.

  • 503 AzureKeyVaultGenericConnectionError - The operation could not be completed because an error was encountered when attempting to retrieve Key Vault information.

  • 503 NoDekLock - CREATE/ALTER/DROP DATABASE ENCRYPTION KEY failed because a lock could not be placed on the database. Try again later.

Examples

Get a database's transparent data encryption

Sample Request

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/security-tde-resourcegroup/providers/Microsoft.Sql/servers/securitytde/databases/testdb/transparentDataEncryption/current?api-version=2021-02-01-preview

Sample Response

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/security-tde-resourcegroup/providers/Microsoft.Sql/servers/securitytde/databases/testdb",
  "name": "current",
  "type": "Microsoft.Sql/servers/databases/transparentDataEncryption",
  "properties": {
    "state": "Enabled"
  }
}
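
The following Python is an added example, not part of the Microsoft reference: it builds the request URL shown above with every path segment percent-encoded, then turns a response into an audit verdict. The verdict labels, the `KEY_ACCESS_CODES` grouping and the error-body shape (`{"error": {"code": ...}}` or a top-level `code`) are assumptions; the state values and error codes come from this page.

```python
import json
from urllib.parse import quote

API_VERSION = "2021-02-01-preview"  # version shown on this page
TDE_TYPE = "Microsoft.Sql/servers/databases/transparentDataEncryption"
# Assumed grouping: codes listed on this page that mean the TDE protector
# key in Azure Key Vault cannot be used or reached.
KEY_ACCESS_CODES = {
    "AzureKeyVaultKeyDisabled", "AzureKeyVaultMissingPermissions",
    "AzureKeyVaultNoServerIdentity", "KeyMaterialNotFoundOnRemoteServer",
    "AzureKeyVaultConnectionFailed", "AzureKeyVaultGenericConnectionError",
}
# SAMPLE_OK is trimmed from this page's sample response; SAMPLE_ERR is constructed.
SAMPLE_OK = ('{"name": "current", "type": "' + TDE_TYPE +
             '", "properties": {"state": "Enabled"}}')
SAMPLE_ERR = '{"error": {"code": "AzureKeyVaultKeyDisabled"}}'

def tde_url(subscription_id, resource_group, server, database):
    """Build the GET URL; encoding each segment keeps a name that contains
    '/' or '?' (for example from an inventory file) from altering the path."""
    s, g, v, d = (quote(p, safe="") for p in
                  (subscription_id, resource_group, server, database))
    return (f"https://management.azure.com/subscriptions/{s}"
            f"/resourceGroups/{g}/providers/Microsoft.Sql/servers/{v}"
            f"/databases/{d}/transparentDataEncryption/current"
            f"?api-version={API_VERSION}")

def assess(status, body):
    """Map an HTTP status and JSON body to a (verdict, detail) pair."""
    doc = json.loads(body) if body else {}
    if status == 200:
        if doc.get("type") != TDE_TYPE:
            return ("error", "unexpected resource type")
        state = doc.get("properties", {}).get("state")
        if state == "Enabled":
            return ("compliant", state)
        if state == "Disabled":
            return ("finding", state)
        return ("error", f"unknown state {state!r}")
    code = (doc.get("error") or doc).get("code", "")
    if code in KEY_ACCESS_CODES:
        return ("key-access", code)   # check the Key Vault key and identity
    if status == 503:
        return ("retry", code)        # transient, e.g. NoDekLock
    return ("error", code or str(status))

if __name__ == "__main__":
    print(tde_url("00000000-1111-2222-3333-444444444444",
                  "security-tde-resourcegroup", "securitytde", "testdb"))
    print(assess(200, SAMPLE_OK), assess(400, SAMPLE_ERR))
```
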

Definitions

| Name | Description |
|---|---|
| LogicalDatabaseTransparentDataEncryption | A logical database transparent data encryption state. |
| TransparentDataEncryptionName | The name of the transparent data encryption configuration. |
| TransparentDataEncryptionState | Specifies the state of the transparent data encryption. |

LogicalDatabaseTransparentDataEncryption

A logical database transparent data encryption state.

| Name | Type | Description |
|---|---|---|
| id | string | Resource ID. |
| name | string | Resource name. |
| properties.state | | Specifies the state of the transparent data encryption. |
| type | string | Resource type. |

TransparentDataEncryptionName

The name of the transparent data encryption configuration.

| Name | Type | Description |
|---|---|---|
| current | string | |

TransparentDataEncryptionState

Specifies the state of the transparent data encryption.

| Name | Type | Description |
|---|---|---|
| Disabled | string | |
| Enabled | string | |