| title | description | author | ms.author | ms.reviewer | ms.date | ms.service | ms.subservice | ms.topic | ms.custom | ms.devlang |
|---|---|---|---|---|---|---|---|---|---|---|
Use Azure CLI to enable transparent data encryption |
Enable transparent data encryption in Azure SQL Managed Instance using CLI and your own key. |
MladjoA |
mlandzic |
vanto |
05/18/2022 |
sql-managed-instance |
security |
conceptual |
kr2b-contr-experiment, devx-track-azurecli |
azurecli |
[!INCLUDEappliesto-sqldb]
This Azure CLI script example configures transparent data encryption (TDE) in Azure SQL Managed Instance, using a customer-managed key from Azure Key Vault. This is often referred to as a bring-your-own-key (BYOK) scenario for TDE. To learn more about TDE with customer-managed key, see TDE Bring Your Own Key to Azure SQL.
This sample requires an existing managed instance, see Use Azure CLI to create an Azure SQL Managed Instance.
[!INCLUDE quickstarts-free-trial-note]
[!INCLUDE azure-cli-prepare-your-environment.md]
[!INCLUDE cli-run-local-sign-in.md]
:::code language="azurecli" source="~/../azure_cli_scripts/sql-database/transparent-data-encryption/setup-tde-byok-sqlmi.sh" id="FullScript":::
[!INCLUDE cli-clean-up-resources.md]
az group delete --name $resourceGroup
This script uses the following commands. Each command in the table links to command specific documentation.
| Command | Description |
|---|---|
| az sql db | Database commands. |
| az sql failover-group | Failover group commands. |
For more information on Azure CLI, see Azure CLI documentation.
Additional SQL Database CLI script samples can be found in the Azure SQL Database documentation.