Azure Key Vault Managed HSM support for TDE BYOK now available for Azure SQL
Transparent data encryption (TDE) in Azure SQL Database and Managed Instance helps protect against the threat of malicious offline activity by encrypting data at rest. Azure SQL TDE with Customer-Managed Key (CMK) enables the Bring Your Own Key (BYOK) scenario for data protection at rest and gives customers full control of key lifecycle management.
The ability to use an RSA key stored in Azure Key Vault Managed HSM for customer-managed TDE (TDE BYOK) in Azure SQL Database and Managed Instance is now generally available.
With this, along with the existing option of using Azure Key Vault (standard and premium tiers), customers now have the flexibility to use Managed HSMs for storing their encryption keys to protect their most confidential workloads in Azure SQL.