Enable TDE on Source DB

Enable TDE on Source DB

• Create Master Key on MASTER DB
• Backup Master Key of Master DB
• Create Certificate on MASTER DB
• Backup Certificate on MASTER DB
• Create Encryption Key on User DB.
• Finally Enable TDE on User DB

At Source Server:
Step 1: Create Database Master Key on Master DB.
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD=’OracleAgent@DBA$123′;
GO
–Use this if Master key already exists and to add a new Master Key.
–ALTER MASTER KEY ADD ENCRYPTION BY PASSWORD =’OracleAgent@DBA$123′;

Step-2: Backup Master Key of MASTER DB:
USE MASTER
BACKUP MASTER KEY
TO FILE = ‘D:\OracleAgent\TDE\MasterKey.key’
ENCRYPTION BY PASSWORD = ‘OracleAgent@DBA$123’

Step 3: Create a Certificate on Master DB to support TDE
USE master;
GO
CREATE CERTIFICATE TDE_Cert_New
WITH SUBJECT=’Database_Encryption’;
GO

Step-4: Backup Master DB Certificate & Private Key;
This step is not required to encrypt a database using TDE. But to make sure you can recover your encrypted data from a database backup, should your instance database become corrupted, or you want to move an encrypted database to another server, you should backup the certificate.
Run the following code:
USE master;
GO
BACKUP CERTIFICATE TDE_Cert_New
TO FILE = ‘D:\OracleAgent\TDE\TDE_Cert_New.cer’
WITH PRIVATE KEY(
FILE = ‘D:\OracleAgent\TDE\TDE_Cert_New_PrivateKey.pvk’,
ENCRYPTION BY PASSWORD = ‘OracleAgent@DBA$123’
)
Note: Store the PASSWORD in a safe place.

Step 5: Create Database Encryption Key on required User DB.
USE Advworks
GO
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER CERTIFICATE TDE_Cert_New;

Step 6: Enable TDE on Database
ALTER DATABASE Advworks SET ENCRYPTION ON;

In below document i mentioned how to restore in destination server.

RESTORE TDE IN DESTIANTION SERVER

Thank you for giving your valuable time to read the above information.

If you want to be updated with all our articles send us the Invitation or Follow us:

Ramkumar’s LinkedIn: https://www.linkedin.com/in/ramkumardba/
LinkedIn Group: https://www.linkedin.com/in/ramkumar-m-0061a0204/
Facebook Page: https://www.facebook.com/Oracleagent-344577549964301
Ramkumar’s Twitter : https://twitter.com/ramkuma02877110
Ramkumar’s Telegram: https://t.me/oracleageant
Ramkumar’s Facebook: https://www.facebook.com/ramkumarram8