Transparent Data Encryption is a method to encrypt your SQL Server data on disk. Using it can present challenges, though. How does it work? How does it interact with other SQL Server features? What does it not encrypt? Join Jes as she explains the ins and outs of TDE.

Want to try it yourself (in a test environment!)? Download the script.

↑ Back to top
  1. Backups of databases using TDE are encrypted.

    The following MSDN article states ‘Backup files of databases that have TDE enabled are also encrypted by using the database encryption key.’

    • Correct! What I meant to say – and I realize it didn’t come out well – is that you can’t use TDE solely to encrypt backups. If you enable TDE, it’s going to encrypt the data and log files, then the backups will be encrypted as well. You can’t specify one or the other.

  2. Pingback: (SFTW) SQL Server Links 08/08/14 - John Sansom

  3. Thanks for the good overview.
    Do ALL of the databases on a server have to use the same certificate with the same password?
    IE, If I have separate databases for individual customers does each of the databases use the same encryption key?

    • Ray – no, you can use different certificates for each database.

      • I guess that could make things complicated. For example, if you had a procedure that collects data from multiple databases and uses tempdb to aggregate and transform the data to a report.
        I think I sense “Danger Will Robinson” on that path :)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>