I have a question about SQL server's transparent encryption (TDE). I need to dump a database instance, which will be restored by another DBA remotely by dumped data files. I was asked to make sure the dumped data files has no TDE so DBA can restore it. I checked online, and I found a query to list the encryption status as follows:

SELECT db_name(database_id), encryption_state FROM sys.dm_database_encryption_keys; 

my database instance is not in the result at all. I run another query as follows:

SELECT db.name, db.is_encrypted, dm.encryption_state, dm.percent_complete, dm.key_algorithm, dm.key_length FROM sys.databases db LEFT OUTER JOIN sys.dm_database_encryption_keys dm ON db.database_id = dm.database_id; GO 

My database instance has value 0 for is_encrypted, and all other values null.

Does it mean my database instance is not encrypted at all?

1 Answer

If your output looks like this...

 name | is_encrypted | encryption_state | percent_complete | key_algorithm | ley_length -------------------------------------------------------------------------------------------- MyDatabase | 0 | NULL | NULL | NULL | NULL 

... your database, [MyDatabase], is NOT encrypted. Nor does it have a database encryption key configured.

If, however, any databases have non-NULLs in columns other than [is_encrypted] (e.g. [encryption_state] = 1), those databases are either encrypted, partially encrypted/decrypted or prepped for encryption.

Read up here for detail on encrpytion states:

0

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy