May 30, 2019 at 7:13 am
Hi All,
Sorry to post here; I didn't find a forum for Azure-related questions.
We are planning to have an Azure SQL Database and are planning to enable TDE on the same. The DEK will be encrypted again by a KEK, which will be stored in Azure vault. Experts, please help me understand the below.
Thanks in Advance
May 30, 2019 at 12:40 pm
This is a resource I trust very much talking about this topic. His suggestion is to change the keys every two years. Read the article for more details.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
May 31, 2019 at 8:45 am
This is a resource I trust very much talking about this topic. His suggestion is to change the keys every two years. Read the article for more details.
Thanks Grant.
The post does not mention anything on KEK.
May 31, 2019 at 1:41 pm
So, just a note to add: Azure automatically uses TDE on all databases, and if you leave it on the default of letting Azure handle the key, it swaps out the key every 90 days.
Also, you shouldn't have to decrypt to update the master key:
USE master;
ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = 'YourNewPasswordHere';