Some content on this site is available only to logged-in subscribers. Contact Us for information on becoming a subscriber.

InSource.Solutions | InSource Training | InSource Client Portal
InSource Solutions Logo
Log In Sign Up
InSource.Solutions InSource Training InSource Client Portal Log In Sign Up
  • Home
  • Supporting Technologies (i.e. Windows / SQL Server / VMWare / etc.)
  • Supporting Technologies Tech Notes

TN 1190 How to enable Transparent Data Encryption in SQL Server

Last updated: February 28th, 2025

Description

  • Author: Ron Tanner
  • Published: February 28th, 2025

Details:

Description

This article from InSource shows how to enable TDE for use with j5 SQL Server

  • Author: Ron Tanner
  • Published: 09/23/2021
  • Applies to: j5

Details

SQL Server Transparent Data Encryption (TDE) was first introduced in SQL Server 2008(and above). Purpose was to protect data by encrypting the physical files data (mdf) and log (ldf) files (it does not encrypt the actual data stored within the database).

Steps necessary to enable TDE:

  1. Open SQL Server Management studio
  2. Create the Master Key:

USE Master;

GO

CREATE MASTER KEY ENCRYPTION

BY PASSWORD='InsertAStrongPasswordHere';

GO

  1. Create Certificate which is protected by the master key:

CREATE CERTIFICATE TDECertificate

WITH

SUBJECT='Database_Encryption';

GO

  1. Create the Database Encryption Key:

USE <DB>

GO

CREATE DATABASE ENCRYPTION KEY

WITH ALGORITHM = AES_256

ENCRYPTION BY SERVER CERTIFICATE TDECertificate;

GO

  1. Enable the Encryption:

ALTER DATABASE <DB>

SET ENCRYPTION ON;

GO

  1. Backup the Certificate:

BACKUP CERTIFICATE TDECertificate

TO FILE = 'C:\temp\TDECertificate'

WITH PRIVATE KEY (file='C:\temp\TDE_CertKey.pvk',

ENCRYPTION BY PASSWORD='InsertAStrongPasswordHere')

  1. How to restore the Certificate

USE Master;

GO

CREATE MASTER KEY ENCRYPTION

BY PASSWORD='InsertAStrongPasswordHere';

GO

USE MASTER

GO

CREATE CERTIFICATE TDECertificate

FROM FILE = 'C:\Temp\TDECertificate'

WITH PRIVATE KEY (FILE = 'C:\TDECert_Key.pvk',

DECRYPTION BY PASSWORD = 'InsertAStrongPasswordHere' );

sql server encryption
Give feedback about this article

Recommended articles

TN - 1240 Creating a Watchlist Using an Import File

Read More

How to receive group emails

Read More

TN0001

This is a test by Kevin

Read More
Support Icon

CONTACT SUPPORT

How to reach us

10800 Midlothian Turnpike Tpke, Suite 209, Richmond, VA 23235

1.877.INSOURCE

Technical Support - 1.888.691.3858

Contact Us

  • InSource Solutions
  • InSource Training
  • InSource Client Portal
  • Log In
InSource Solutions Logo

© 2025 InSource Solutions. All Rights Reserved.

Knowledge Base Software powered by Helpjuice

Expand