SQL Server TDE, Azure Key Vault, and Azure Arc

With SQL 2022, there is more of a potential dependence on Azure Arc for the hybrid cloud experience, especially around security. Is there a way that we can utilize Arc with SQL Server on-prem and Azure Key Vault for managing TDE keys? If you can set up that process, will it be able to handle auto key rotations from Key Vault?

I'm looking for the ability to use Key Vault for the EKM, but also be able to handle key rotation in a somewhat automated fashion.  

 

Currently, the SQL connector cannot handle key rotations, so it is a very manual process to create new logins and keys to re-encrypt the databases.

 
