i looking implementing transparent data encryption (tde) on sql azure database. azure creates backups .bacpac files. documentation @ tde mentions
"backup files of databases have tde enabled encrypted using database encryption key. "
the documentation not mention .bak or .bacpac files specifically. have experience, , more importantly, official documentation, tde encrypt .bacpac files?
any pointers , suggestions appreciated.
update: able find official documentation here tde azure . @ bottom of page says .bapacpac files not ecrypted.
i feel huge drawback tde on sql azure, feature prevents .bak files being restored on server without certificate/key used in tde.
.bak , .bacpac files different. .bak files copies of database file pages. .bacpac files created scripting out tsql statements recreate schema of database , using bulk export query , export rows of tables. see https://msdn.microsoft.com/en-us/library/hh213241.aspx list item #2 under "before begin" see .bacpac file data extracted using bulk operations.
tde works encrypting database file pages, leaving in memory version of files in plaintext can queried. since .bak files copies of database file pages, encrypted. since data in .bacpac files output queries, plaintext , unencrypted bcp out files tde databases.
