Sample Header Ad - 728x90

Migrate MSSQL TDE from certificate to EKM

2 votes
1 answer
329 views
sql-server transparent-data-encryption hsm
We have a handful of MSSQL databases encrypted using Transparent Data Encryption (TDE) without an HSM. So the current chain is:

Service Master Key (SMK) ->
Master Key (DMK) ->
Certificate encrypted by DMK ->
User Database - Data Encryption Key (DEK)

The databases are encrypted using the same certificate. Is there a possible migration path to utilizing an HSM without having to re-encrypt all of the databases?
(there is around 100TB of data, so I am trying to avoid re-encryption if at all possible)

Asked by Brain2000 (153 rep)
Sep 7, 2022, 10:38 PM
Last activity: Apr 28, 2025, 08:02 AM
Sidebar Ad - 300x250
Related Questions

Browse more questions from Database Administrators

More questions tagged "sql-server"
More questions tagged "transparent-data-encryption"
More questions tagged "hsm"
Footer Ad - 728x90