| title | Export and Import Databases Using Always Encrypted | |
|---|---|---|
| description | Export and import databases using Always Encrypted | |
| author | jaszymas | |
| ms.author | jaszymas | |
| ms.reviewer | vanto, randolphwest | |
| ms.date | 03/11/2025 | |
| ms.service | sql | |
| ms.subservice | security | |
| ms.topic | conceptual | |
| helpviewer_keywords |
|
|
| monikerRange | =azuresqldb-current || >=sql-server-2016 || >=sql-server-linux-2017 || =azuresqldb-mi-current |
[!INCLUDE SQL Server Azure SQL Database Azure SQL Managed Instance]
This article describes how to export and import databases containing columns protected with Always Encrypted.
When you export a database, all data stored in encrypted columns is retrieved from the database in the encrypted form (ciphertext) and put into the resulting BACPAC. The resulting BACPAC also contains the metadata for Always Encrypted keys.
When you import the BACPAC into a database, the encrypted data from the BACPAC is loaded into the database and Always Encrypted key metadata is re-created.
If you have an application that is configured to query encrypted columns stored in the source database (the one you exported), you don't need to do anything special to enable the application to query the encrypted data in the target database, as the keys in both databases are the same.
For detailed information about how to export and import a database, see:
- Export a BACPAC file
- Import a BACPAC file to create a new database
- Export an Azure SQL database to a BACPAC file
- Import a BACPAC file to a database in Azure SQL Database
- SqlPackage
You need the following permissions:
-
ALTER ANY COLUMN MASTER KEYandALTER ANY COLUMN ENCRYPTION KEYon the source database. -
ALTER ANY COLUMN MASTER KEY,ALTER ANY COLUMN ENCRYPTION KEY,VIEW ANY COLUMN MASTER KEY DEFINITION, andVIEW ANY COLUMN ENCRYPTION DEFINITIONon the target database.
You don't need to have access to column master keys configured for the encrypted columns, as the data stays encrypted during the export and import operations.