TDE key setup in SQL server with private endpoint enabled AKV

Question

TDE key setup in SQL server with private endpoint enabled AKV

Hanamant S Malakagond 41

I have an AKV where private endpoint enabled. I want to use same key vault key as TDE key in SQL server. I am not sure whether the DB falls under VNET as private endpoint enabled AKV can be only accessed within the same VNET.

I Did some search but nothing helping me here.

1.Is there any way we can use this private endpoint enabled AKV key in SQL server as TDE key ?

2.Is there any way we can reference these AKV secrets in Devops library as secrets with service connection configuration ?

Akshay-MSFT 18,011 Reputation points Microsoft Employee Moderator

2023-09-14T04:28:18.9133333+00:00

@Hanamant S Malakagond

Hope you got a chance to review the action plan suggested below. Please do let me know if you have any queries in the comments section. If you don't have any further queries and the suggestion works as per your business need. Please "Accept the answer(Yes)" and "share you feedback ". This will help us and others in the community as well.

Thanks,

Akshay Kaushik

Answer accepted by question author

0 additional answers

Your answer

Akshay-MSFT 18,011 Reputation points Microsoft Employee Moderator

2023-09-14T04:28:18.9133333+00:00

@Hanamant S Malakagond

Hope you got a chance to review the action plan suggested below. Please do let me know if you have any queries in the comments section. If you don't have any further queries and the suggestion works as per your business need. Please "Accept the answer(Yes)" and "share you feedback ". This will help us and others in the community as well.

Thanks,

Akshay Kaushik

Answer 1

@Hanamant S Malakagond

Thank you for posting your query on Microsoft Q&A, from above description, I could conclude that you have Transparent data encryption on SQL server and want to :

Use existing private endpoint enabled AKV key in SQL server as TDE key.
Is there any way we can reference these AKV secrets in Devops library as secrets with service connection configuration ?

Please do correct me if this is not the case by responding in the comments section:

Use existing private endpoint enabled AKV key in SQL server as TDE key?

Azure DB is one of the Trusted services by AKV. When using a firewall with AKV, you must enable the option Allow trusted Microsoft services to bypass the firewall. For more information, see Configure Azure Key Vault firewalls and virtual networks.

User's image

If you still get a network connectivity issue then you need to follow: Blocked connectivity between SQL Managed Instance and Key Vault

Is there any way we can reference these AKV secrets in Devops library as secrets with service connection configuration ?

Set up Azure Key Vault access policies: In order to access our Azure Key Vault, we must first set up a service principal to give access to Azure Pipelines. Follow this guide to create your service principal and then proceed with the next steps in this section Set up Azure Key Vault access policies.
Once done then you need to create a service connection for Azure Pipelines.

Thanks,

Akshay Kaushik

Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.

Share via

TDE key setup in SQL server with private endpoint enabled AKV

Use existing private endpoint enabled AKV key in SQL server as TDE key?

Is there any way we can reference these AKV secrets in Devops library as secrets with service connection configuration ?

0 additional answers

Your answer