Create an Azure SQL Server, with data encryption protector
This template creates an Azure SQL server, and activate the data encryption protector with the "bring your own key". For that, you will need to provide the Key Vault, and the Key to use.
Alternatively, you can use the PowerShell file included in this directory to create a Key Vault and generate a key.
Then, the arm template will achieve the following:
- Create the Azure SQL server
- Add the SQL server principalID access to the given Key Vault (permissions 'get', 'wrapLey' and 'unwrapKey')
- Add a new key at the SQL server level, with the Key value from the Vault
- And finally, activate the protector using the key created before
Tags: Microsoft.Sql/servers, SystemAssigned, Microsoft.Resources/deployments, Microsoft.KeyVault/vaults/accessPolicies, Microsoft.Sql/servers/keys, Microsoft.Sql/servers/encryptionProtector, Microsoft.ManagedIdentity/userAssignedIdentities, Microsoft.Authorization/roleAssignments, Microsoft.KeyVault/vaults, Microsoft.Resources/deploymentScripts, userAssigned