If you have a database backup of a Transparent Data Encryption (TDE) enabled database, the database backup will contain encrypted data. Because the database backup contains encrypted data you can’t just restore it to any instance. You can only restore the database backup to an instance that contains the same certificate used to originally encrypt the database. If you want to restore an encrypted database backup to a new instance you need to import the certificate from the source instance where the encrypted backup was created. Here are the steps it takes to copy the original certificate to the instance where the TDE enabled backup will be restored.

Step 1: Verify that there is a Database Master Key

In this step you need to verify that the target server for the restore has a Database Master Key created. To verify that the Database Master Key exists you can run the following TSQL code:

```sql
-- Returns one row if master already has a Database Master Key
USE master
SELECT name FROM sys.symmetric_keys WHERE name LIKE '%DatabaseMasterKey%'
```

If a Database Master Key exists, then the above code will return the name of the Database Master Key. If the Database Master Key doesn’t exist, then you can create it with the following TSQL code:

```sql
-- Creates the Database Master Key in master on the target instance
USE master
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Provide Strong Password Here For Database Master Key'
GO
```

Step 2: Generate the Certificate Backup from Source Instance

In order to move a TDE encrypted database to another instance you need to have a backup of the certificate that was used to encrypt the TDE enabled database being moved. Hopefully when TDE was set up on the source server a certificate backup was taken.
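The certificate move that these steps lead up to, as an added example that is not part of the original article: it identifies which certificate protects each TDE database on the source, backs it up with its private key, imports it on the target, and checks that the thumbprints match. The certificate name `TDECert_Example`, the `D:\KeyBackup` paths and the password placeholder are assumptions.

```sql
-- SOURCE instance: which certificate protects each TDE database, and has its
-- private key ever been backed up? (NULL date = never backed up)
USE master;
GO
SELECT DB_NAME(dek.database_id) AS database_name,
       c.name                   AS certificate_name,
       c.thumbprint,
       c.pvt_key_last_backup_date
FROM sys.dm_database_encryption_keys AS dek
JOIN sys.certificates AS c
  ON c.thumbprint = dek.encryptor_thumbprint;
GO

-- SOURCE instance: back up the certificate together with its private key.
-- TDECert_Example and the D:\KeyBackup paths are assumed names.
BACKUP CERTIFICATE TDECert_Example
    TO FILE = 'D:\KeyBackup\TDECert_Example.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\KeyBackup\TDECert_Example.pvk',
        ENCRYPTION BY PASSWORD = '<strong password for the private key file>'
    );
GO

-- TARGET instance (after Step 1 confirmed a Database Master Key exists):
-- import the certificate from the two files copied over from the source.
USE master;
GO
CREATE CERTIFICATE TDECert_Example
    FROM FILE = 'D:\KeyBackup\TDECert_Example.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\KeyBackup\TDECert_Example.pvk',
        DECRYPTION BY PASSWORD = '<strong password for the private key file>'
    );
GO

-- TARGET instance: the thumbprint must equal the one returned by the first
-- query on the source, otherwise the restore of the TDE backup will fail.
SELECT name, thumbprint
FROM sys.certificates
WHERE name = 'TDECert_Example';
GO
```

Keep the `.pvk` file and its password apart from the database backup itself, since anyone holding all three can restore and read the data.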