
Azure Transparent Data Encryption

Transparent Data Encryption (TDE) is a security feature in relational databases designed to protect data at rest.


Key Features

  1. Encryption of Data at Rest
    TDE encrypts database data files, including backups. Unauthorized access to physical files does not expose readable data without decryption keys.

  2. Automatic and Transparent
    Encryption and decryption are automatic and transparent to applications. No changes are required to application code, as TDE operates at the storage level.

  3. Protection Against Unauthorized Access
    TDE safeguards data against offline access to the storage, for example when physical media (disks or backup tapes) are lost or stolen. Because pages are decrypted as they are read into memory, it does not protect data from users or applications that query the database with valid credentials.

  4. Key Management
    TDE uses hierarchical key management. A master encryption key (managed by the database system) encrypts a database encryption key (DEK), and the DEK encrypts the data. Rotating the master key therefore only requires re-encrypting the small DEK, not the data itself, which keeps key rotation cheap and safe.

TDE provides a robust layer of security for sensitive data in databases, without impacting performance or requiring major