Enable TDE in Microsoft SQL Server by using EKM

this section shows how to use an asymmetric key stored on the {{k3}} to enable transparent data encryption (tde) in microsoft sql server for database protection you must run all of the following commands in a query window in sql server management studio run the following commands to create a credential for system administrators to use create credential ekmcredential 	with 	 identity = 'sqlserver', 	 secret = 'safest' 	for cryptographic provider fxclekmprovider; go change the values set in the identity and secret fields to match the name and password of the {{k}} user you specified in the fxcl ekm configuration file run the following commands to add the credential to a high privileged user, such as your own domain login in the \[domain\login] format alter login \[win q4e6rg9bsol\administrator] 	add credential ekmcredential; go run the following commands to create an asymmetric key stored inside the fxcl ekm provider use master; go create asymmetric key ekmasym 	from provider fxclekmprovider 	with 	 algorithm = rsa 1024, 	 provider key name = 'ekmasym'; go run the following commands to create a credential for the database engine to use create credential ekmenginecredential 	with 	 identity = 'sqlserver', 	 secret = 'safest' 	for cryptographic provider fxclekmprovider; go change the values set in the identity and secret fields to match the name and password of the {{k}} user you specified in the fxcl ekm configuration file run the following commands to create a login that uses the asymmetric key stored inside the fxcl ekm provider create login ekmlogin from asymmetric key ekmasym; go run the following commands to enable the login to use the database engine credential alter login ekmlogin add credential ekmenginecredential; go run the following commands to create a new example database, add a table to it, and insert information into the table you cannot execute database encryption operations on master, model, tempdb, msdb, or resource databases create database exampledb; go use exampledb; go create table users ( 	id int not null primary key, 	name varchar(64), 	password varchar(128), 	ssn varchar(32) ); go insert into users (id, name, password, ssn) values (1, 'someguy', 'blah', '000 00 0000'), (2, 'somegal', 'password', '000 00 0000'), (3, 'testuser', 'test123', '000 00 0000'); go run the following commands to create a database encryption key for the exampledb database use exampledb; go create database encryption key 	with 	 algorithm = aes 128 	encryption by server asymmetric key ekmasym; go run the following commands to enable transparent data encryption on the exampledb database alter database exampledb 	set encryption on; go to check if data can be decrypted, restart sql server service with the kmes series 3 offline, then run the following command if it fails, tde is configured correctly if the kmes is online, the command should succeed use exampledb; select from users; you can view the asymmetric key that is created on the kmes and used for encrypting the database encryption key (dek) on the key management > keys menu in the {{k}} application interface