Transparent Data Encryption (or not) and Periodic Key Changes

  • Have been browsing the SQL 2008 Compliance Lab and I have a question about TDE (Transparent Data Encryption).  There is a sample script in the package called RotateKeys.sql that will cause a TDE database to be re-encrypted. If I change the key in that manner does it roll the new key in or does it immediately begin changing all encrypted fields?  Like everyone, I'm sure, I have a need to periodically change my keys but it would certainly not be practical to bring my whole database down while a massive re-encryption took place.  Can anyone point to any tools, demos, or articles that explain how to manage periodic key changes without disruption?  If it is not possible to combine TDE and periodic key changes (in normal circumstances) I would appreciate that information also.
    Monday, May 4, 2009 10:06 PM