This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 23%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
HI, I have the following query:
Does Transparent Data Encryption (TDE) work on databases configured with Transactional Replication? If true, what considerations should be taken when implementing this?
I have not tested. Nor do I actually know. But if it does not work, I would be very very surprised. The point with TDE is that once you are authenticated to the database, the encryption is indeed transperant to you.
The one thing I like to point out is that you should probably configure the subscribers for TDE as well. Not that there is any such requirement, but it would be kind of funny to have them unencrypted.
Hi @Melin Guaringa, Charlie Stephano
Replication doesn't automatically replicate data from a TDE-enabled database in an encrypted form. Separately enable TDE if you want to protect distribution and subscriber databases.
Snapshot replication can store data in unencrypted intermediate files like BCP files. The initial data distribution for transactional and merge replication can too. During such replication, you can enable encryption to protect the communication channel.
For more information, see Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager).
Best regards,
Cosmog Hong
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our Documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Replication doesn't automatically replicate data from a TDE-enabled database in an encrypted form.
This is a little ambiguous. I guess that what you want to say is that the subscriber and the distribution database will not be encrypted, just because the publisher is.
(Your statement could also be read as that replication does not work out of the box with TDE databases.)
I think could help Melin and Charlie if you could clarify.