Setting Transparent Data Encryption on Azure SQL DB using an ARM Template
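Is it possible to turn on Transparent Data Encryption for a SQL Azure database using an ARM JSON template? If so, how?

The template should look like the following.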
    {
      "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "serverName": {
          "type": "string",
          "defaultValue": "TDETest2",
          "metadata": {
            "description": "The name of the new SQL Server to create."
          }
        },
        "administratorLogin": {
          "type": "string",
          "metadata": {
            "description": "The admin user of the SQL Server"
          }
        },
        "administratorLoginPassword": {
          "type": "securestring",
          "metadata": {
            "description": "The password of the admin user of the SQL Server"
          }
        },
        "databaseName": {
          "type": "string",
          "defaultValue": "TDETest2",
          "metadata": {
            "description": "The name of the new database to create."
          }
        },
        "collation": {
          "type": "string",
          "defaultValue": "SQL_Latin1_General_CP1_CI_AS",
          "metadata": {
            "description": "The database collation for governing the proper use of characters."
          }
        },
        "edition": {
          "type": "string",
          "defaultValue": "Basic",
          "allowedValues": [
            "Basic",
            "Standard",
            "Premium"
          ],
          "metadata": {
            "description": "The type of database to create."
          }
        },
        "maxSizeBytes": {
          "type": "string",
          "defaultValue": "1073741824",
          "metadata": {
            "description": "The maximum size, in bytes, for the database"
          }
        },
        "requestedServiceObjectiveName": {
          "type": "string",
          "defaultValue": "Basic",
          "allowedValues": [
            "Basic",
            "S0",
            "S1",
            "S2",
            "P1",
            "P2",
            "P3"
          ],
          "metadata": {
            "description": "Describes the performance level for Edition"
          }
        }
      },
      "variables": {
      },
      "resources": [
        {
          "name": "[parameters('serverName')]",
          "type": "Microsoft.Sql/servers",
          "location": "[resourceGroup().location]",
          "tags": {
            "displayName": "SqlServer"
          },
          "apiVersion": "2014-04-01-preview",
          "properties": {
            "administratorLogin": "[parameters('administratorLogin')]",
            "administratorLoginPassword": "[parameters('administratorLoginPassword')]"
          },
          "resources": [
            {
              "name": "[parameters('databaseName')]",
              "type": "databases",
              "location": "[resourceGroup().location]",
              "tags": {
                "displayName": "Database"
              },
              "apiVersion": "2014-04-01-preview",
              "dependsOn": [
                "[parameters('serverName')]"
              ],
              "properties": {
                "edition": "[parameters('edition')]",
                "collation": "[parameters('collation')]",
                "maxSizeBytes": "[parameters('maxSizeBytes')]",
                "requestedServiceObjectiveName": "[parameters('requestedServiceObjectiveName')]"
              },
              "resources": [
                {
                  "name": "current",
                  "type": "transparentDataEncryption",
                  "dependsOn": [
                    "[parameters('databaseName')]"
                  ],
                  "location": null,
                  "apiVersion": "2014-04-01",
                  "properties": {
                    "status": "Disabled"
                  }
                }
              ]
            },
            {
              "type": "firewallrules",
              "apiVersion": "2014-04-01-preview",
              "dependsOn": [
                "[parameters('serverName')]"
              ],
              "location": "[resourceGroup().location]",
              "name": "AllowAllWindowsAzureIps",
              "properties": {
                "endIpAddress": "0.0.0.0",
                "startIpAddress": "0.0.0.0"
              }
            }
          ]
        }
      ],
      "outputs": {
        "sqlSvrFqdn": {
          "type": "string",
          "value": "[reference(concat('Microsoft.Sql/servers/', parameters('serverName'))).fullyQualifiedDomainName]"
        }
      }
    }
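transparentDataEncryption should be a resource belonging to the SQL database, so I put it under the resources of the database template.
However, after testing this template, I got the following error message.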
Code : InvalidTemplate
Message : Deployment template validation failed: 'The template resource 'Microsoft.Sql/servers/TDETest2/databases/TDETest2' cannot reference itself. Please see http://aka.ms/arm-template-expressions/#reference for usage details.'.
This means that ARM templates do not support Transparent Data Encryption yet. I have posted a feature request. Please vote here.
Thanks to @JeffBailey. I found out that I had made a mistake in my template, using serverName instead of databaseName in the dependsOn of the transparentDataEncryption. The template has been updated.

You need to add the resource:

    "resources": [
      {
        "name": "current",
        "type": "transparentDataEncryption",
        "dependsOn": [
          "[parameters('databaseName')]"
        ],
        "location": null,
        "apiVersion": "2014-04-01",
        "properties": {
          "status": "Enabled"
        }
      }
    ]
And the database version must be version 12:

    "resources": [
      {
        "name": "[parameters('serverName')]",
        "type": "Microsoft.Sql/servers",
        "location": "[resourceGroup().location]",
        "tags": {
          "displayName": "SqlServer"
        },
        "apiVersion": "2014-04-01-preview",
        "properties": {
          "administratorLogin": "[parameters('administratorLogin')]",
          "administratorLoginPassword": "[parameters('administratorLoginPassword')]",
          "version": "12.0"
        },

Encryption is now on by default; you do not need to set it to on.
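
An added example, not part of any of the answers above: a small Python check that walks a template nested the way the templates on this page are and reports databases whose transparentDataEncryption child is missing, is not set to Enabled, or has a dependsOn that does not name the database. The names audit_tde and SAMPLE and the sample database names are hypothetical, and only child resources nested under a "databases" resource are examined.

```python
import json

# Constructed sample (made-up database names), nested like the template above.
SAMPLE = json.loads("""
{"resources": [{
  "name": "[parameters('serverName')]",
  "type": "Microsoft.Sql/servers",
  "resources": [
    {"name": "db-ok", "type": "databases", "resources": [
      {"name": "current", "type": "transparentDataEncryption",
       "dependsOn": ["db-ok"], "properties": {"status": "Enabled"}}]},
    {"name": "db-bad", "type": "databases", "resources": [
      {"name": "current", "type": "transparentDataEncryption",
       "dependsOn": ["[parameters('serverName')]"],
       "properties": {"status": "Disabled"}}]},
    {"name": "db-none", "type": "databases"}
  ]
}]}
""")


def audit_tde(template):
    """Return (database name, finding) pairs for nested database resources."""
    findings = []

    def walk(resources):
        for res in resources or []:
            children = res.get("resources") or []
            if res.get("type", "").lower() == "databases":
                name = res.get("name", "")
                tde = [c for c in children
                       if c.get("type", "").lower() == "transparentdataencryption"]
                if not tde:
                    findings.append((name, "no TDE child; relies on service default"))
                for c in tde:
                    status = (c.get("properties") or {}).get("status")
                    if status != "Enabled":
                        findings.append((name, f"TDE status is {status!r}"))
                    # The mistake described above: dependsOn must name the database.
                    if name not in (c.get("dependsOn") or []):
                        findings.append((name, "TDE dependsOn does not name the database"))
            walk(children)

    walk(template.get("resources"))
    return findings


if __name__ == "__main__":
    print(*audit_tde(SAMPLE), sep="\n")
```

Run against a template file with `audit_tde(json.load(open(path)))`; an empty list means every nested database carries an explicit Enabled TDE resource that depends on its database.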