migrate tde cert to Azure sql mi

sakuraime 2,276 Reputation points
2021-04-27T10:06:12.093+00:00

Add-AzSqlManagedInstanceTransparentDataEncryptionCertificate is the command to add a tde cert to azure sql mi

but I have difficulty of list the TDE cert imported ( I can't see it by using SSMS to the Azure SQL Mi under master-> certificate)

how to list ? or can export back? How to rotate the certificate ?

Azure SQL Database
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. KalyanChanumolu-MSFT 8,251 Reputation points Microsoft Employee
    2021-04-27T16:27:50.94+00:00

    @sakuraime Thank you for reaching out.
    You should be able to retreive the details using Get-AzSqlInstanceTransparentDataEncryptionProtector

    The process to add a Key in BYOK scenario involves configuring a KeyVault NetworkRuleSet and AccessPolicy, these steps are simplified into an easy to use script. Please check if you are following all the steps.

    The process to rotate the TDE Keys is here

    ----------

    If an answer is helpful, please "Accept answer" or "Up-Vote" which might help other community members reading this thread.