February 14, 2022 at 5:58 am
Hi,
I know TDE is used for encrypting data at rest, but can we also encrypt in-flight data by not using a self-signed cert? Until now, I was thinking we can only encrypt data at rest with TDE. So, please let me know your thoughts.
Thanks!
February 15, 2022 at 6:10 am
Thanks for posting your issue and hopefully someone will answer soon.
This is an automated bump to increase visibility of your question.
February 15, 2022 at 6:24 am
Encryption can be done in many places.
It's not quite clear where you are wanting the encryption to be from your original statement.
TDE encrypts the files so no one can go and pull the MDF/NDF/LDF/BAK/TRN files and move them to another server without the correct keys and certs.
You can then do column encryption at the database layer using ENCRYPT BY KEY / ENCRYPT BY CERTIFICATE to store data in tables in encrypted format.
If you're on a recent enough version of SQL you can use Always Encrypted, to again encrypt at the column level, but only the application knows the decryption key.
Or finally you can use connection encryption; you need a cert issued by a trusted CA really, and replace that at the service layer in Configuration Manager.
All of this is detailed in steps on the docs site, of course.
https://docs.microsoft.com/en-us/sql/t-sql/functions/encryptbykey-transact-sql?view=sql-server-ver15