We are thrilled to announce the Public Preview of Transparent Data Encryption (TDE) and Service-Managed Credential Rotation for Arc-enabled SQL Managed Instance. With a focus on data security, this release introduces features to ensure that your sensitive information is protected.
Azure Arc-enabled SQL Managed Instance now supports a managed solution for encrypting at rest all of the databases within a managed instance. TDE provides robust encryption to safeguard your data at rest.
There are two modes a user can specify for Transparent Data Encryption: customer-managed and service-managed (the third option in the table below, Disabled, leaves encryption to be managed manually). The feature can be enabled through the Kubernetes spec or the az CLI.
| | Customer-managed keys (CMK) | Service-managed keys (SMK) | Disabled |
|---|---|---|---|
| Use cases | Businesses that want full control over the certificates encrypting their data. | Businesses that want the Arc-enabled data controller to manage the certificates for them. | Businesses that want to manually manage encryption of each database and of their managed instance themselves. |
| Characteristics | User managed: users bring the certificate used to encrypt their data. | Service managed: the service creates the certificate automatically. | User managed: users must manually load certificates and enable encryption at rest on their managed instances. |
| Deployment process | Users create a Kubernetes secret with their certificate, then update their SQL MI Custom Resource spec. | Users update their SQL MI Custom Resource spec. | A series of Kubernetes exec commands plus T-SQL commands for each database. |
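The customer-managed deployment path from the table above, as an added example that is not part of the original announcement: a Kubernetes Secret carrying the TDE protector certificate and private key, followed by the SQL MI Custom Resource spec fragment that references it. The secret name, the `certificate.pem`/`privatekey.pem` data keys, the `spec.security.transparentDataEncryption` field names and the API version are assumptions; check them against the Arc-enabled SQL MI documentation for your data controller version.

```yaml
# Added example with assumed field names: customer-managed TDE for Arc-enabled SQL MI.
# Step 1: a Secret holding the protector certificate and its private key.
# Values are base64 of the PEM files; the ones shown are constructed placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: sqlmi-tde-protector-cert-secret   # assumed name, referenced from the CR below
  namespace: arc                           # same namespace as the SQL MI
type: Opaque
data:
  certificate.pem: <base64 of certificate.pem>   # placeholder, assumed key name
  privatekey.pem: <base64 of privatekey.pem>     # placeholder, assumed key name
---
# Step 2: point the SQL MI Custom Resource at that Secret.
apiVersion: sql.arcdata.microsoft.com/v13   # assumed; match your data controller
kind: SqlManagedInstance
metadata:
  name: sqlmi1          # constructed instance name
  namespace: arc
spec:
  security:
    transparentDataEncryption:
      mode: CustomerManaged                              # ServiceManaged lets the controller issue the cert
      protectorSecret: sqlmi-tde-protector-cert-secret   # assumed field; omitted for ServiceManaged
```

Whoever can read that Secret holds the key that decrypts the database files, so scope Kubernetes RBAC on it as tightly as on the instance's admin credentials.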
Azure Arc-enabled SQL Managed Instance now supports a simple way to rotate some service-managed credentials in your SQL Managed Instance for both the General Purpose and Business Critical service tiers. The primary benefit of credential rotation is enhanced security: by regularly refreshing access credentials, the risk posed by compromised or stale credentials is reduced.
| Credential management | Credential types | Documentation link |
|---|---|---|
| Service-managed | Most certificates, logins | Rotate SQL Managed Instance service-managed credentials (preview) - Azure Arc \| Microsoft Learn |
| Customer-managed | TLS certificate | |
Overall, the Public Preview release of Transparent Data Encryption (TDE) and Credential Rotation for Arc-enabled SQL Managed Instance improves data security and management. With TDE, your sensitive information is protected at rest, and Credential Rotation ensures that access credentials are refreshed seamlessly for increased security.