Reputation: 11
SQL MI - manual backups failing on databases with encryption ON
anyone came across failing manual backups on SQL MI recently, since yesterday TDE kicked in and databases created had Encryption set to ON?
SOLUTION: to explicitly backup database to blob storage you need to set encryption to OFF before triggering manual backup
Upvotes: 0
Views: 1486
Answers (1)
Reputation: 14640
Transparent Data Encryption don't allow you to do manual backups in Managed Instance. TDE encrypts data and backups with internal TDE keys that are periodically rotated. Since you cannot export current TDE key you could not decrypt backup, and since the current TDE key will be replaced with the new one, Azure would not be able to restore your encrypted backup after some time.
Therefore RESTORE is not enabled if TDE is ON. This is documented here:
Upvotes: 2
Related Questions
- Why is my managed instance database encryption is not being disabled?
- SQL Always Encrypted in Azure
- Can't export SQL Azure database when stored procedure is encrypted
- Azure SQL DB MI doesn't support Windows Authentication
- How to force in-transit encryption on Sql Azure like on regular SQL Server?
- How to turn off database encryption through powershell
- Always Encrypted SQL Server 2016 times out in Azure
- Always encrypted Behavior in SQL Server 2016
- SQL Azure DB throws error 'login failed for user' during web app backup
- Sql Db Backups on Azure