Among the many recommendations to make your data secure on Azure, one is to implement Transparent Data Encryption.
Most of the ways you’ll see online to enable it is to run the following command in SQL:
-- Enable encryption
While this may be perfectly valid for existing database, what if you want to create it right from the start with TDE enabled?
That’s where ARM templates normally come in. It’s also where the documentation either fall short or isn’t meant to be used as-is right now.
So let me give you the necessary bits for you to enable it.
Enabling Transparent Data Encryption
First, create a new array of sub resources for your database. Not your server. Your database. It’s important otherwise it just won’t work.
Next, is to create a resource of type
transparentDataEncryption and assign the proper properties.
It should look like this in your JSON Outline view.
I’ve included the database ARM template I use for you to copy/paste.
If you are interested in more ways to secure your data or your application in Azure, please let me know in the comments!