Returns information about the encryption state of a database and its associated database encryption keys. For more information about database encryption, see Transparent Data Encryption (TDE).
|Column Name||Data Type||Description|
|database_id||int||ID of the database.|
|encryption_state||int||Indicates whether the database is encrypted or not encrypted.
0 = No database encryption key present, no encryption
1 = Unencrypted
2 = Encryption in progress
3 = Encrypted
4 = Key change in progress
5 = Decryption in progress
6 = Protection change in progress (The certificate or asymmetric key that is encrypting the database encryption key is being changed.)
|create_date||datetime||Displays the date (in UTC) the encryption key was created.|
|regenerate_date||datetime||Displays the date (in UTC) the encryption key was regenerated.|
|modify_date||datetime||Displays the date (in UTC) the encryption key was modified.|
|set_date||datetime||Displays the date (in UTC) the encryption key was applied to the database.|
|opened_date||datetime||Shows when (in UTC) the database key was last opened.|
|key_algorithm||nvarchar(32)||Displays the algorithm that is used for the key.|
|key_length||int||Displays the length of the key.|
|encryptor_thumbprint||varbinary(20)||Shows the thumbprint of the encryptor.|
|encryptor_type||nvarchar(32)||Applies to: SQL Server (SQL Server 2012 (11.x) through current version).
Describes the encryptor.
|percent_complete||real||Percent complete of the database encryption state change. This will be 0 if there is no state change.|
|encryption_state_desc||nvarchar(32)||Applies to: SQL Server 2019 preview and later.
String that indicates whether the database is encrypted or not encrypted.
|encryption_scan_state||int||Applies to: SQL Server 2019 preview and later.
Indicates the current state of the encryption scan.
0 = No scan has been initiated, TDE is not enabled
1 = Scan is in progress.
2 = Scan is in progress but has been suspended, user can resume.
3 = Scan has been successfully completed, TDE is enabled and encryption is complete.
4 = Scan was aborted for some reason, manual intervention is required. Contact Microsoft Support for more assistance.
|encryption_scan_state_desc||nvarchar(32)||Applies to: SQL Server 2019 preview and later.
String that indicates the current state of the encryption scan.
|encryption_scan_modify_date||datetime||Applies to: SQL Server 2019 preview and later.
Displays the date (in UTC) the encryption scan state was last modified.
On SQL Server, requires
VIEW SERVER STATE permission.
On SQL Database Premium Tiers, requires the
VIEW DATABASE STATE permission in the database. On SQL Database Standard and Basic Tiers, requires the Server admin or an Azure Active Directory admin account.
Security-Related Dynamic Management Views and Functions (Transact-SQL)
Transparent Data Encryption (TDE)
SQL Server Encryption
SQL Server and Database Encryption Keys (Database Engine)
ALTER DATABASE SET Options (Transact-SQL)
CREATE DATABASE ENCRYPTION KEY (Transact-SQL)
ALTER DATABASE ENCRYPTION KEY (Transact-SQL)
DROP DATABASE ENCRYPTION KEY (Transact-SQL)