April 12, 2018 at 10:16 am
Hi All,
Is it possible to manually manage the Service Master Key rather than use an expensive HSM? We create a backup of the keys but want to remove the Service Master Key and still leave in place all the other keys. If needed, use the backups.
Is that possible? Seems like the Service Master Key is seldom used after the TDE is set up.
Thanks!
April 12, 2018 at 10:49 am
tane461 - Thursday, April 12, 2018 10:16 AM
Hi All,
Is it possible to manually manage the Service Master Key rather than use an expensive HSM? We create a backup of the keys but want to remove the Service Master Key and still leave in place all the other keys. If needed, use the backups.
Is that possible? Seems like the Service Master Key is seldom used after the TDE is set up.
Thanks!
No. The SMK is used both directly and indirectly. The DMK is protected by the SMK. You may want to go over the encryption hierarchy - it's explained in one of the TDE documents:
Transparent Data Encryption (TDE)
Sue
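The encryption hierarchy mentioned in the reply above can be inspected directly on a TDE-enabled instance. The T-SQL below is an added example, not part of the original thread: it shows how each layer (SMK, DMK in master, certificate, database encryption key) is protected and then backs up each layer. The certificate name TdeCert, the file paths and the passwords are placeholders assumed for illustration.

```sql
-- Added example: walk the TDE key hierarchy (SMK -> DMK -> certificate -> DEK).
USE master;

-- 1. The SMK and the DMK of master both appear as symmetric keys in master.
SELECT name, symmetric_key_id, algorithm_desc, create_date
FROM sys.symmetric_keys
WHERE name IN (N'##MS_ServiceMasterKey##', N'##MS_DatabaseMasterKey##');

-- 2. How the DMK in master is protected (one row per encryption of the key,
--    for example by the SMK and by a password).
SELECT sk.name, ke.crypt_type, ke.crypt_type_desc
FROM sys.symmetric_keys AS sk
JOIN sys.key_encryptions AS ke
     ON ke.key_id = sk.symmetric_key_id
WHERE sk.name = N'##MS_DatabaseMasterKey##';

-- 3. Which certificate protects each database encryption key (DEK), and how
--    that certificate's private key is itself protected.
SELECT DB_NAME(dek.database_id) AS database_name,
       dek.encryption_state,
       dek.key_algorithm,
       dek.key_length,
       c.name AS certificate_name,
       c.pvt_key_encryption_type_desc
FROM sys.dm_database_encryption_keys AS dek
LEFT JOIN sys.certificates AS c
     ON c.thumbprint = dek.encryptor_thumbprint;

-- 4. Back up every layer. Paths, passwords and the certificate name TdeCert
--    are placeholders (assumptions); store the files off the server.
BACKUP SERVICE MASTER KEY
    TO FILE = N'<backup-path>\smk.bak'
    ENCRYPTION BY PASSWORD = N'<strong-password-1>';

BACKUP MASTER KEY
    TO FILE = N'<backup-path>\master_dmk.bak'
    ENCRYPTION BY PASSWORD = N'<strong-password-2>';

BACKUP CERTIFICATE TdeCert
    TO FILE = N'<backup-path>\TdeCert.cer'
    WITH PRIVATE KEY (FILE = N'<backup-path>\TdeCert.pvk',
                      ENCRYPTION BY PASSWORD = N'<strong-password-3>');
```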
November 5, 2018 at 5:59 am
Manual management is a decent decision when you need to control the key rotation plan. It additionally furnishes an approach to rotate SMKs with imported key material.
However, managing client's SMKs may result in additional month to month charges.