Forum Discussion
CMK and Customer Certificate support for TDE - Azure SQL PAAS
hi experts, I need bit of clarity as both CMK is supported for Azure SQL TDE ( Server and DB ) and also Certificate for protecting the DEK. How these 2 concepts are different in protecting th...
You cannot protect the DEK with both a custom certificate and a CMK in Azure SQL PaaS.
- Azure SQL Database/Managed Instance: Use CMK in Azure Key Vault for BYOK.
- SQL Server (on-premises/IaaS): Use certificates in the master database.
They are two different implementations of TDE depending on the deployment model.