Skip to content

Commit

Permalink
note that this can be used for cmk (hashicorp#28092)
Browse files Browse the repository at this point in the history
  • Loading branch information
catriona-m authored Nov 25, 2024
1 parent eeb928f commit 525ceef
Showing 1 changed file with 1 addition and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ description: |-

Manages the transparent data encryption configuration for a MSSQL Server

!> **IMPORTANT:** This resource should only be used with pre-existing MS SQL Instances that are over 2 years old. For new MS SQL Instances that will be created through the use of the `azurerm_mssql_server` resource, please enable Transparent Data Encryption through `azurerm_mssql_server` resource itself by configuring an [identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server#identity) block. By default all new MS SQL Instances are deployed with System Managed Transparent Data Encryption enabled.
!> **IMPORTANT:** This resource can be used to configure Transparent Data Encryption for MS SQL instances with Customer Managed Keys. For MS SQL instances that are System Managed, it should only be used with pre-existing MS SQL Instances that are over 3 years old. For new System Managed MS SQL Instances that will be created through the use of the `azurerm_mssql_server` resource, please enable Transparent Data Encryption through `azurerm_mssql_server` resource itself by configuring an [identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server#identity) block. By default, all new MS SQL Instances are deployed with System Managed Transparent Data Encryption enabled.

~> **NOTE:** Once transparent data encryption is enabled on a MS SQL instance, it is not possible to remove TDE. You will be able to switch between 'ServiceManaged' and 'CustomerManaged' keys, but will not be able to remove encryption. For safety when this resource is deleted, the TDE mode will automatically be set to 'ServiceManaged'. See `key_vault_uri` for more information on how to specify the key types. As SQL Server only supports a single configuration for encryption settings, this resource will replace the current encryption settings on the server.

Expand Down

0 comments on commit 525ceef

Please sign in to comment.