It's pertinent it exists on your server for best security and prevention of someone gaining access to the keys of one of your TDE databases, and by Microsoft's design the Master Key lives in both the TDE database and master database. The Master Key is used to protect all your certificates' private and asymmetric keys of each TDE database. whats the difference between creating the master key and certificate in the MASTER database, and creating the master key and certificate in the database itself ( the one i'm going to use TDE)? I'm asking this because I'm reading this redgate link and it says to backup the master key, but where would I use it?Īnd another question. Then, I enable the encryption with ALTER DATABASE SET ENCRYPTION ON.Īfter this I backup the database, and to restore in the other server, I create a certificate FROM FILE pointing the old certificate (that was CTRL+C / CTR+V to the new server).Īfter this I'm able to restore the database, without restoring the MASTER KEY or the SERVICE MASTER KEY. WITH PRIVATE KEY ( FILE ='C:\tde_backups\CERTIFICATE_I_HATE_TDE_PRIVATE_KEY.PVK',ĮNCRYPTION BY PASSWORD='123superHardPassword') TO FILE ='C:\tde_backups\CERTIFICATE_I_HATE_TDE.CER' I remember that I didn't need to restore the master key on the secondary server to restore the database.Īnd now, as I have bad memory, I'm doing dozens of tests again with sintax, backup and restore and etc to be sure we will not mess with anything after enabling TDE in the database.Īfter creating the MASTER KEY, then CERTIFICATE, then the DATABASE ENCRYPTION KEY, I just backup the CERTIFICATE as below: USE MASTERīACKUP CERTIFICATE CERTIFICATE_I_HATE_TDE I've done this in the past, and now I need to do it again.
0 kommentar(er)
