Enable Transparent Data encryption on the Microsoft SQL Server
All of the following commands need to be run inside a Query window in SQL Server Management Studio.
Create a credential for use by system administrators.
The values set in the IDENTITY and SECRET fields should be the name and password of the identity created on the that is specified in the FXCL EKM configuration file (i.e., config.json).
Add the credential to a highly privileged user, such as your own domain login.
Create an asymmetric key stored in through the EKM provider.
Create a credential for the Database Engine to use.
The values set in the IDENTITY and SECRET fields should be the name and password of the identity created on the CryptoHub that is specified in the FXCL EKM configuration file (such as config.json).
Create a login that uses the asymmetric key stored inside the FXCL EKM provider.
Enable the login to use the database engine credentials.
Create a new example database, add a table to it, then insert information into the table.
Database encryption operations cannot be executed on master, model, tempdb, msdb, or resource databases.
Create a database encryption key for the exampleDB database.
Enable transparent data encryption on the exampleDB database.
Check if data can be decrypted.
If possible, restart SQL Server service with the CryptoHub offline, then check if the following command fails. If it does, then TDE is set up correctly. If the CryptoHub is online, the command should succeed.