Rotating Certificates

How to Enable Transparent Data Encryption

By default, SQL Server does not encrypt data in a SQL Server database in an encrypted format. When SQL Server 2008 was introduced, Microsoft implemented Transparent Data Encryption (TDE). When TDE is enabled on a database SQL Server will encrypt the database as data is written to the disk.

How to Move a TDE Encryption Key to Another SQL Server Instance

If you have a database backup of a Transparent Data Encryption (TDE) enabled database, the database backup will contain encrypted data. Because the database backup contains encrypted data you can’t just restore it to any instance. You can only restore the database backup to an instance that contains the same certificate used to originally encrypt the database.

Updating an expired SQL Server TDE certificate

Simon Liew explains how to generate a new TDE certificate to replace the previous, and also looks at the steps needed if the database is in an Availability Group.

Encrypting the data

Encrypting SQL Server: Transparent Data Encryption (TDE)

Transparent Data Encryption (TDE) encrypts the data within the physical files of the database, the 'data at rest'. Without the original encryption certificate and master key, the data cannot be read when the drive is accessed or the physical media is stolen. The data in unencrypted data files can be read by restoring the files to another server. TDE requires planning but can be implemented without changing the database. Robert Sheldon explains how to implement TDE.

Database TDE

SQL Server Just Runs Faster - TDE

Performance Surprises and Assumptions : SET NOCOUNT ON

Aaron Bertrand (@AaronBertrand) revisits the impact that eliminating DONE_IN_PROC messages using SET NOCOUNT ON may or may not have on query performance

Transparent Data Encryption (TDE) in SQL Server

There are several ways to implement encryption in SQL Server; Arshad Ali focuses on Transparent Data Encryption (TDE), which was introduced in SQL Server 2008 and is available in later releases.