Hello

I have a question regarding Transparent Data Encryption. I have enabled TDE on a database using the below steps:

1. Create a master key encryption by a password.

2. Create a certificate in the the user database named 'TDE_Test' protected by the master key.

3. Create database encryption key 'TDE_Test' using the certificate created in Step 2.

4. Enable encryption by using the command 'ALTER DATABASE  TDE_Test SET ENCRYPTION ON' 

I understand that if I need to copy this TDE encrypted database to a different SQL Instance, I have to copy the certificate from the source Instance to the destination Instance.

Now my question is, do the Service Master Key and Database Master Key come into the picture here anywhere?

Are these related to TDE in any way?

Do I have to take regular backups of the Service Master Key & Database Master Key as part of regular maintenance for the SQL Instance that has a TDE encrypted database?

Thanks

Satya

• Edited by Satya Krishna 7 hours 1 minutes ago