Azure / azure-rest-api-specs

The source for REST API specifications for Microsoft Azure.
MIT License

TDE with database level customer-managed keys - using Terraform #27193

Open SnehaniranjanaSR opened 8 months ago

SnehaniranjanaSR commented 8 months ago

Description: I am trying to create my database in Azure with TDE with database-level customer-managed keys, using Terraform. Need help in achieving that.

I see `--encryption-protector $keyid` can be used in the creation of a DB using the Azure CLI. Is there something similar to use in Terraform?

I am trying to achieve the following:

New supported scenario: Logical server configured with customer-managed key: Key1 is configured as the customer-managed key at the logical server level. A different customer-managed key (Key2) can be configured at the database level.

Server – Key1 set as CMK
Database1 – Key2 used as CMK
Database2 – Key1 used as CMK
Database3 – Key1 used as CMK

We have `azurerm_mssql_server_transparent_data_encryption` for TDE at the server level. I am looking for something similar for the database level.

New or Affected Resource(s)/Data Source(s): azurerm_mssql_database

Potential Terraform Configuration:

```hcl
resource "azurerm_mssql_database_transparent_data_encryption" "msql_db_tde" {
  server_id        = azurerm_mssql_server.sql_server.id
  database_name    = azurerm_mssql_database.databases.name
  key_vault_key_id = data.azurerm_key_vault_key.mssql_db_key.id
}
```

I was asked to create a thread here, as there was no Azure REST API that supports this feature (https://github.com/hashicorp/terraform-provider-azurerm/issues/24316). Please confirm whether one exists and route me there, or help me with this issue.

Reference:
https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-database-level-overview?view=azuresql
https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-database-level-basic-actions?view=azuresql&tabs=azure-portal%2Cazure-portal2#view-the-database-level-customer-managed-key-settings-on-an-azure-sql-database
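The key layout described in the post (Key1 as the server-level protector, Key2 only on Database1, Database2 and Database3 inheriting Key1) as a dry-run shell script over the Azure CLI route the post mentions. This is an added example, not code from the issue, from the Terraform provider or from the Azure repository, and it does not use the proposed `azurerm_mssql_database_transparent_data_encryption` resource, which the post only sketches. Resource group, server, key URIs and the user-assigned identity ID are constructed placeholders; the `az` flags used (`tde-key set --kid`, `db create --keys --encryption-protector --assign-identity --user-assigned-identity-id`) and the `encryptionProtector` property read back by `az sql db show` are taken from the CLI reference as I know it and should be confirmed with `az sql db create --help` before the script is run against a real subscription.

```shell
#!/bin/sh
# Dry-run planner for server-level + database-level TDE customer-managed keys.
# Added example (not from the issue or the Azure repo). All resource names,
# key URIs and the identity ID below are constructed placeholders.
# DRY_RUN=1 (default) prints each az command; DRY_RUN=0 executes it.

RG="${RG:-rg-sql-demo}"
SERVER="${SERVER:-sql-demo-server}"
# User-assigned managed identity with get/wrapKey/unwrapKey on the vault keys (placeholder).
UMI="${UMI:-/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sql-demo/providers/Microsoft.ManagedIdentity/userAssignedIdentities/umi-sql-tde}"
# Key1: server-level protector. Key2: database-level protector for Database1 (placeholders).
KEY1="${KEY1:-https://kv-demo.vault.azure.net/keys/key1/0123456789abcdef0123456789abcdef}"
KEY2="${KEY2:-https://kv-demo.vault.azure.net/keys/key2/fedcba9876543210fedcba9876543210}"
DRY_RUN="${DRY_RUN:-1}"

# run: print the command on one line in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Server level: Key1 becomes the TDE protector inherited by every database
# that does not set its own key.
set_server_protector() {
  run az sql server tde-key set --resource-group "$RG" --server "$SERVER" \
      --server-key-type AzureKeyVault --kid "$KEY1"
}

# Database level: an empty key means "inherit the server protector"; a key URI
# makes that key the database's own protector. A database-level key needs an
# identity that can reach Key Vault, so the UMI is attached with the key.
# (Flag names assumed from the az sql db create reference; verify with --help.)
create_database() {
  db="$1"; dbkey="$2"
  if [ -z "$dbkey" ]; then
    run az sql db create --resource-group "$RG" --server "$SERVER" --name "$db"
  else
    run az sql db create --resource-group "$RG" --server "$SERVER" --name "$db" \
        --assign-identity --user-assigned-identity-id "$UMI" \
        --keys "$dbkey" --encryption-protector "$dbkey"
  fi
}

# Check: which key protects a database? An empty result means it inherits the
# server key. (Assumption: encryptionProtector is the property name in az sql db show.)
show_protector() {
  run az sql db show --resource-group "$RG" --server "$SERVER" --name "$1" \
      --query encryptionProtector -o tsv
}

# The full plan for the post's scenario.
plan() {
  set_server_protector
  create_database Database1 "$KEY2"
  create_database Database2 ""
  create_database Database3 ""
  show_protector Database1
}

# Number of databases in the plan that carry their own protector (expected: 1).
count_db_protectors() {
  plan | grep -c -- '--encryption-protector'
}

# `sh tde_plan.sh plan` prints the plan; `DRY_RUN=0 sh tde_plan.sh plan` executes it.
case "${1:-}" in
  plan) plan ;;
esac
```

Review the printed plan first: only the Database1 line should carry `--encryption-protector`, and the `tde-key set` line is the only place Key1 appears, which is exactly the Server/Database1/Database2/Database3 mapping from the post. Switching to `DRY_RUN=0` runs the same commands unchanged.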

SnehaniranjanaSR commented 8 months ago

Any updates on this SR yet?

SnehaniranjanaSR commented 8 months ago

Additionally, I see that: NOTE: The `azurerm_sql_database` resource is deprecated in version 3.0 of the AzureRM provider and will be removed in version 4.0. Please use the `azurerm_mssql_database` resource instead.

But the Azure CLI commands given in the URL (https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-database-level-basic-actions?view=azuresql&tabs=azure-cli%2Cazure-portal2#view-the-database-level-customer-managed-key-settings-on-an-azure-sql-database) are `az sql db` and not `az mysql db`.

As I mentioned initially, the feature I am looking for is possible through the Azure portal for my existing DB. But it is not available using Terraform code, as the Azure REST API is not available.

Looking forward to help on this ASAP.

Regards, Sneha

JackTn commented 7 months ago

@MilanNz @jha1bhavna Can someone help check this issue? Thanks. And let me know if you have any questions!