| title | Use Azure CLI to enable transparent data encryption |
|---|---|
| description | Enable transparent data encryption in Azure SQL Managed Instance using CLI and your own key. |
| author | MladjoA |
| ms.author | mlandzic |
| ms.reviewer | vanto |
| ms.date | 05/18/2022 |
| ms.service | azure-sql-managed-instance |
| ms.subservice | security |
| ms.topic | how-to |
| ms.custom | kr2b-contr-experiment, devx-track-azurecli |
| ms.devlang | azurecli |
[!INCLUDE appliesto-sqldb]
This Azure CLI script example configures transparent data encryption (TDE) in Azure SQL Managed Instance, using a customer-managed key from Azure Key Vault. This is often referred to as a bring-your-own-key (BYOK) scenario for TDE. To learn more about TDE with a customer-managed key, see TDE Bring Your Own Key to Azure SQL.
This sample requires an existing managed instance; see Use Azure CLI to create an Azure SQL Managed Instance.
[!INCLUDE quickstarts-free-trial-note]
[!INCLUDE azure-cli-prepare-your-environment.md]
[!INCLUDE cli-run-local-sign-in.md]
:::code language="azurecli" source="~/../azure_cli_scripts/sql-database/transparent-data-encryption/setup-tde-byok-sqlmi.sh" id="FullScript":::
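The BYOK flow described above, written out as an added example; it is not the sample script this page includes. The function name `setup_tde_byok` and the `instance`, `vault`, `keyName` and `location` parameters are assumptions, and the vault is assumed to use the access-policy permission model.

```bash
#!/usr/bin/env bash
# Added example, not the script included by this page.
# Assumed names: instance, vault, keyName, location (resourceGroup is the page's variable).
set -eu

setup_tde_byok() {
  resourceGroup="$1"; instance="$2"; vault="$3"; keyName="$4"; location="$5"

  # 1. Give the managed instance a system-assigned identity and read its object ID.
  az sql mi update --name "$instance" --resource-group "$resourceGroup" \
    --assign-identity --output none
  principalId=$(az sql mi show --name "$instance" --resource-group "$resourceGroup" \
    --query identity.principalId --output tsv)
  [ -n "$principalId" ] || { echo "no managed identity on $instance" >&2; return 1; }

  # 2. Create the vault with purge protection, so a deleted key stays recoverable
  #    and the databases it protects do not become permanently unreadable.
  #    Assumption: access-policy model, so that set-policy below applies.
  az keyvault create --name "$vault" --resource-group "$resourceGroup" \
    --location "$location" --enable-purge-protection true \
    --enable-rbac-authorization false --output none

  # 3. Least privilege: the instance identity gets only get, wrapKey and unwrapKey.
  az keyvault set-policy --name "$vault" --object-id "$principalId" \
    --key-permissions get wrapKey unwrapKey --output none

  # 4. Create the RSA key and capture its versioned key identifier (kid).
  kid=$(az keyvault key create --vault-name "$vault" --name "$keyName" \
    --kty RSA --size 2048 --query key.kid --output tsv)

  # 5. Register the key with the instance, then make it the TDE protector.
  az sql mi key create --kid "$kid" --managed-instance "$instance" \
    --resource-group "$resourceGroup" --output none
  az sql mi tde-key set --server-key-type AzureKeyVault --kid "$kid" \
    --managed-instance "$instance" --resource-group "$resourceGroup" --output none

  # 6. Confirm the protector is customer-managed, not the service-managed default.
  keyType=$(az sql mi tde-key show --managed-instance "$instance" \
    --resource-group "$resourceGroup" --query serverKeyType --output tsv)
  [ "$keyType" = "AzureKeyVault" ] || { echo "protector is $keyType" >&2; return 1; }
  echo "$kid"
}

# Run only when the script is given all five arguments.
if [ "$#" -eq 5 ]; then setup_tde_byok "$@"; fi
```

Run it as `./script.sh "$resourceGroup" <instance> <vault> <keyName> <location>` after signing in; the final check fails the run if the instance is still on a service-managed protector.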
[!INCLUDE cli-clean-up-resources.md]
```azurecli
az group delete --name $resourceGroup
```
This script uses the following commands. Each command in the table links to command-specific documentation.
| Command | Description |
|---|---|
| az sql db | Database commands. |
| az sql failover-group | Failover group commands. |
For more information on Azure CLI, see Azure CLI documentation.
Additional SQL Database CLI script samples can be found in the Azure SQL Database documentation.