sql-docs
sql-docs copied to clipboard
MicrosoftDocs
Add Geo-Replicated SQL MI autorotation note
In sql-docs\azure-sql\database\transparent-data-encryption-byok-key-rotation.md
Added a note to provide clarification when using the same default TDE encryptor across a failover group. This is mentioned in a different page here; however, the article I've updated contradicts the configuration.
The behaviour has been confirmed by the SQL MI Product Group via a support ticket.
@lukecalderon : Thanks for your contribution! The author(s) have been notified to review your proposed change.
![prmerger-automator[bot] avatar](https://avatars.githubusercontent.com/u/22479449?v=4 "Published by a pub.dev verified publisher"){kind=small}
Learn Build status updates of commit 4ba5fb3:
:white_check_mark: Validation status: passed
| File | Status | Preview URL | Details |
|---|---|---|---|
| azure-sql/database/transparent-data-encryption-byok-key-rotation.md | :white_check_mark:Succeeded |
For more details, please refer to the build report.
For any questions, please:
- Try searching the learn.microsoft.com contributor guides
- Post your question in the Learn support channel
![learn-build-service-prod[bot] avatar](https://avatars.githubusercontent.com/in/237442?v=4 "Published by a pub.dev verified publisher"){kind=small}
@GithubMirek
Can you review the proposed changes?
Important: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.
#label:"aq-pr-triaged" @MicrosoftDocs/public-repo-pr-review-team
Thanks, @lukecalderon - Can you help reference the support ticket?
@GithubMirek - Please confirm if these changes are correct.
Thanks, @lukecalderon - Can you help reference the support ticket?
Sure - MS Support Ref is 2405230030006073
Learn Build status updates of commit 6c8245b:
:white_check_mark: Validation status: passed
| File | Status | Preview URL | Details |
|---|---|---|---|
| azure-sql/database/transparent-data-encryption-byok-key-rotation.md | :white_check_mark:Succeeded |
For more details, please refer to the build report.
For any questions, please:
- Try searching the learn.microsoft.com contributor guides
- Post your question in the Learn support channel
Hi @lukecalderon - I'm getting contradicting information from the Product Team on this. I'll need to investigate further. Thanks.
Hi @lukecalderon - I'm getting contradicting information from the Product Team on this. I'll need to investigate further. Thanks.
No problem, sums up my experience too. Happy to provide any further info on it if needed.
Hi @lukecalderon - I'm getting contradicting information from the Product Team on this. I'll need to investigate further. Thanks.
No problem, sums up my experience too. Happy to provide any further info on it if needed.
Hi @lukecalderon - Looking at the Support case you referenced, it doesn't mention that the issue was due to not having Auto-rotate key set on both servers. That may have been what was mentioned to you, but our Product Team stated that the setting isn't needed on both servers. Auto rotation can ben enabled on either the primary or the secondary server, and should still work. I'll need to fix language on our other doc as well to reflect this.
If you have more to add or know of the PG person that stated this, I can help follow-up. Thanks!
Hi @lukecalderon - Looking at the Support case you referenced, it doesn't mention that the issue was due to not having Auto-rotate key set on both servers. That may have been what was mentioned to you, but our Product Team stated that the setting isn't needed on both servers. Auto rotation can ben enabled on either the primary or the secondary server, and should still work. I'll need to fix language on our other doc as well to reflect this.
If you have more to add or know of the PG person that stated this, I can help follow-up. Thanks!
Hi @VanMSFT - I was in direct discussion with the engineer (Abdullah Qtaishat) over Teams, who in turn was in discussion with the Product Group, so this may not have made it into the ticketing system.
In our configuration, we had the primary configured with Default TDE/Auto-Rotation:
Whilst on the secondary, it was configured without auto-rotation:
They both matched, until the primary rotated. The key existed on the secondary server, but a 'background job' got stuck rotating the key onto the secondary. The PG had to manually cancel the job, before I could manually select the new key on the secondary server. Afterwards, the engineer informed me that the PG had stated if the same key is used on the primary and secondary servers, and is the default TDE protector, then auto-rotation must be enabled on both servers.
Thanks for the additional context, @lukecalderon! I'll check with them and see what they'll say.
Thanks for the additional context, @lukecalderon! I'll check with them and see what they'll say.
Hi @VanMSFT, how did you get on with the PG?
Learn Build status updates of commit 8eb748e:
:white_check_mark: Validation status: passed
| File | Status | Preview URL | Details |
|---|---|---|---|
| azure-sql/database/transparent-data-encryption-byok-key-rotation.md | :white_check_mark:Succeeded |
For more details, please refer to the build report.
For any questions, please:
- Try searching the learn.microsoft.com contributor guides
- Post your question in the Learn support channel
Invalid command: '#sign-off'. Only the assigned author of one or more file in this PR can sign off. @GithubMirek
PR 9837 has been merged from lukecalderon:lcalderon-update-sqlmi-georeplicated-autorotation to MicrosoftDocs:live by Jak-MS.
@lukecalderon, @VanMSFT, @rwestMSFT
@Jak-MS In future, please use a squash merge if there is more than one commit from this repo.
