November 16, 2023 at 12:07 pm
Hi,
Just wondering if it is possible to use the master/database encryption keys and certificate to take a copy only unencrypted backup of a database with TDE deployed? This is to specifically avoid the scenario of having to: 1) restore an encrypted backup of the database with TDE on to the same instance, 2) remove the encryption from that restored database copy, 3) take the (unencrypted) backup from that restored copy and then drop the unencrypted database. All of this could take many hours for larger databases and require some manual effort/attention.
I appreciate the potential security concerns if this is possible, hence me asking if it could be achieved using the relevant TDE keys and certificate which are backed up and securely stored, accessible only by admins.
I've not been able to find anything generally when researching this, so I suspect the answer is that this is not possible at all without avoiding the scenario outlined above, but wanted to check if anyone knew anything different.
Thanks,
Chris
November 16, 2023 at 3:59 pm
you don't have to restore it to the same instance. Any instance that you restore the certificate (that is used by TDE) to, will be able to restore the backup.
I am unaware of a way to make an unencrypted backup from a TDE protected database.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply