If you need to restore a database that was encrypted with a TDE (transparent data encryption) customer-managed key into a server that is encrypted with a different key, you can follow the steps below:
Note: The key was changed from thlemes-sqldb-k to thlemes-key2
This is because the TDE Protector key wasn't changed, and it is the key shown by default in the Portal. However, after adding the source key as a non-TDE Protector key, you will be able to successfully perform the restore from the source backup into the target server/instance.
Although you can't see the keys that are not the TDE Protector in the Portal, you can list them using the REST API:
SQL Managed Instance: https://docs.microsoft.com/en-us/rest/api/sql/managedinstancekeys
SQL Server: https://docs.microsoft.com/en-us/rest/api/sql/serverkeys
There is also a REST API command to delete the key if you need to, as you can see in the links above.
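The Python below is an added example, not part of the original post: it builds the key-list URL for either endpoint linked above, reads the current TDE Protector from the encryptionProtector/current endpoint, and returns the keys on the server that are not the protector. The API version, the vault name examplevault, the key versions and all function names are assumptions, and the sample response is constructed.

```python
import json
import urllib.request

ARM = "https://management.azure.com"
API_VERSION = "2021-11-01"  # assumption: any Microsoft.Sql API version you can use

def resource_url(sub, rg, name, suffix, managed_instance=False):
    """ARM URL under a logical server, or a managed instance if requested."""
    kind = "managedInstances" if managed_instance else "servers"
    return (f"{ARM}/subscriptions/{sub}/resourceGroups/{rg}/providers/"
            f"Microsoft.Sql/{kind}/{name}/{suffix}?api-version={API_VERSION}")

def arm_get(url, token):
    """GET one ARM document with a bearer token for management.azure.com."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def list_keys(url, token):
    """Collect every key on the server, following nextLink paging."""
    keys = []
    while url:
        page = arm_get(url, token)
        keys.extend(page.get("value", []))
        url = page.get("nextLink")
    return keys

def non_protector_keys(keys, protector):
    """Return (name, uri) for each key that is not the current TDE Protector."""
    current = protector["properties"]["serverKeyName"]
    return [(k["name"], k["properties"].get("uri"))
            for k in keys if k["name"] != current]

def _sample_key(key_name, version):
    # Constructed sample entry; vault name and key version are made up.
    return {"name": f"examplevault_{key_name}_{version}",
            "properties": {"serverKeyType": "AzureKeyVault",
                           "uri": f"https://examplevault.vault.azure.net/keys/{key_name}/{version}"}}

SAMPLE_KEYS = [_sample_key("thlemes-key2", "a" * 32),
               _sample_key("thlemes-sqldb-k", "b" * 32)]
SAMPLE_PROTECTOR = {"properties": {"serverKeyName": SAMPLE_KEYS[0]["name"]}}

if __name__ == "__main__":
    # Live use: keys = list_keys(resource_url(sub, rg, server, "keys"), token)
    #           protector = arm_get(resource_url(sub, rg, server, "encryptionProtector/current"), token)
    for name, uri in non_protector_keys(SAMPLE_KEYS, SAMPLE_PROTECTOR):
        print(name, uri)
```

A token for the live calls can be obtained with `az account get-access-token --resource https://management.azure.com --query accessToken -o tsv`.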