transparent-data-encryption-byok-sql-managed-instance-cli.md

File metadata and controls

64 lines (43 loc) · 2.83 KB
title description services ms.service ms.subservice ms.custom ms.devlang ms.topic author ms.author ms.reviewer ms.date
CLI example- Enable BYOK TDE - Azure SQL Managed Instance
Learn how to configure an Azure SQL Managed Instance to start using BYOK Transparent Data Encryption (TDE) for encryption-at-rest using PowerShell.
sql-database
sql-database
security
azurecli
conceptual
MladjoA
mlandzic
vanto
12/07/2021

Manage Transparent Data Encryption in a Managed Instance using your own key from Azure Key Vault

This Azure CLI script example configures Transparent Data Encryption (TDE) with a customer-managed key for Azure SQL Managed Instance, using a key from Azure Key Vault. This is often referred to as a Bring Your Own Key (BYOK) scenario for TDE. To learn more about TDE with a customer-managed key, see TDE Bring Your Own Key to Azure SQL.

If you choose to install and use the CLI locally, this article requires that you are running the Azure CLI version 2.0 or later. Run az --version to find the version. If you need to install or upgrade, see Install the Azure CLI.

Sample script

Prerequisites

An existing managed instance; see Use Azure CLI to create an Azure SQL Managed Instance.

Sign in to Azure

Cloud Shell is automatically authenticated under the account you initially signed in with. Use the following script to sign in using a different subscription.

```azurecli
subscription="<subscriptionId>" # add subscription here

az account set -s $subscription # ...or use 'az login'
```

For more information, see set active subscription or log in interactively.

Run the script

:::code language="azurecli" source="~/azure_cli_scripts/sql-database/transparent-data-encryption/setup-tde-byok-sqlmi.sh" range="4-41":::
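
An added example, not the script the include above refers to and not Microsoft's code: one way to carry out the BYOK configuration this page describes with Azure CLI commands. It assumes the vault uses access policies (not Azure RBAC) and already has soft-delete and purge protection enabled; the function name `enable_byok_tde` and its four arguments are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not the referenced sample script). Names are caller-supplied.
set -eu

# Usage: enable_byok_tde <managed-instance> <resource-group> <vault> <key-name>
enable_byok_tde() {
  local instance="$1" rg="$2" vault="$3" key="$4" principal kid

  # 1. Give the instance a system-assigned identity and read its object ID.
  az sql mi update --name "$instance" --resource-group "$rg" \
      --assign-identity >/dev/null
  principal="$(az sql mi show --name "$instance" --resource-group "$rg" \
      --query identity.principalId --output tsv)"
  [ -n "$principal" ] || { echo "no managed identity on $instance" >&2; return 1; }

  # 2. Least privilege: grant only the key operations TDE uses
  #    (get, wrapKey, unwrapKey); no secret or certificate permissions.
  az keyvault set-policy --name "$vault" --object-id "$principal" \
      --key-permissions get wrapKey unwrapKey >/dev/null

  # 3. Create the customer-managed key and capture its key identifier.
  kid="$(az keyvault key create --vault-name "$vault" --name "$key" \
      --kty RSA --size 2048 --query key.kid --output tsv)"

  # 4. Register the key with the instance, then make it the TDE protector.
  az sql mi key create --managed-instance "$instance" --resource-group "$rg" \
      --kid "$kid" >/dev/null
  az sql mi tde-key set --managed-instance "$instance" --resource-group "$rg" \
      --server-key-type AzureKeyVault --kid "$kid" >/dev/null

  # 5. Read the protector back so the caller can confirm it is no longer
  #    ServiceManaged; prints the resulting serverKeyType.
  az sql mi tde-key show --managed-instance "$instance" --resource-group "$rg" \
      --query serverKeyType --output tsv
}
```

A result of `AzureKeyVault` from the final step confirms the instance is using the customer-managed key as its TDE protector.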

Clean up deployment

Use the following command to remove the resource group and all resources associated with it.

```azurecli
az group delete --name $resourceGroup
```

Sample reference

This script uses the following commands. Each command in the table links to command-specific documentation.

| Command | Description |
|---|---|
| az sql db | Database commands. |
| az sql failover-group | Failover group commands. |

Next steps

For more information on the Azure CLI, see Azure CLI documentation.

Additional SQL Database CLI script samples can be found in the Azure SQL Database documentation.