Azure Key Vault -

Question

Azure Key Vault -

jolly 0

Hello,

i am very new to AKV. We have Dev, UAT and Prod SQL environments (on prem) and every quarter we refresh the data in Dev and UAT from Prod by restoring the production database to these downstream environments. If we enable TDE and use AKV to manage the keys how can we restore the databases to the downstream environments if we are prohibited from granting access to the production key vault from the non production environments. Is there a recommended methodoligy to do this?

kind regards

1 answer

Your answer

Answer 1

hossein jalilian 10,825 Volunteer Moderator

Hello jolly,

Thanks for posting your question in the Microsoft Q&A forum.

When managing Transparent Data Encryption keys for SQL Server databases using Azure Key Vault across environments, it's recommended to use separate key vaults for each environment (Dev, UAT, Prod) to ensure proper isolation and security, especially when refreshing data from production to non-production environments.

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful

jolly 0 Reputation points

2024-10-29T16:52:57.4033333+00:00

Thank you - but if each environment has a seperate key vault how can one restore from Prod to Dev as the prod db will have a encryption key that Dev will not know and thus not be able to restore the data?
jolly 0 Reputation points

2024-10-29T16:57:44.6733333+00:00

Thank you for the above but if the prod db is encrypted with a key from the prod vault how can you restore the database to a different environment - the TDE will stop the restore unless it has access to teh prod key and as you indicate MS recommends seperate vaults / keys for each environment

Share via

Azure Key Vault -

1 answer

Your answer