是否可以使用ARM json模板为SQL Azure数据库启用透明数据加密?如果是这样,怎么样?使用ARM模板在Azure SQL数据库上设置透明数据加密
2
A
回答
3
模板应该看起来像这样。
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"serverName": {
"type": "string",
"defaultValue": "TDETest2",
"metadata": {
"description": "The name of the new SQL Server to create."
}
},
"administratorLogin": {
"type": "string",
"metadata": {
"description": "The admin user of the SQL Server"
}
},
"administratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "The password of the admin user of the SQL Server"
}
},
"databaseName": {
"type": "string",
"defaultValue": "TDETest2",
"metadata": {
"description": "The name of the new database to create."
}
},
"collation": {
"type": "string",
"defaultValue": "SQL_Latin1_General_CP1_CI_AS",
"metadata": {
"description": "The database collation for governing the proper use of characters."
}
},
"edition": {
"type": "string",
"defaultValue": "Basic",
"allowedValues": [
"Basic",
"Standard",
"Premium"
],
"metadata": {
"description": "The type of database to create."
}
},
"maxSizeBytes": {
"type": "string",
"defaultValue": "1073741824",
"metadata": {
"description": "The maximum size, in bytes, for the database"
}
},
"requestedServiceObjectiveName": {
"type": "string",
"defaultValue": "Basic",
"allowedValues": [
"Basic",
"S0",
"S1",
"S2",
"P1",
"P2",
"P3"
],
"metadata": {
"description": "Describes the performance level for Edition"
}
}
},
"variables": {
},
"resources": [
{
"name": "[parameters('serverName')]",
"type": "Microsoft.Sql/servers",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "SqlServer"
},
"apiVersion": "2014-04-01-preview",
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]"
},
"resources": [
{
"name": "[parameters('databaseName')]",
"type": "databases",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "Database"
},
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[parameters('serverName')]"
],
"properties": {
"edition": "[parameters('edition')]",
"collation": "[parameters('collation')]",
"maxSizeBytes": "[parameters('maxSizeBytes')]",
"requestedServiceObjectiveName": "[parameters('requestedServiceObjectiveName')]"
},
"resources":[
{
"name": "current",
"type": "transparentDataEncryption",
"dependsOn": [
"[parameters('databaseName')]"
],
"location": null,
"apiVersion": "2014-04-01",
"properties": {
"status": "Disabled"
}
}
]
},
{
"type": "firewallrules",
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[parameters('serverName')]"
],
"location": "[resourceGroup().location]",
"name": "AllowAllWindowsAzureIps",
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
}
}
]
}
],
"outputs": {
"sqlSvrFqdn": {
"type": "string",
"value": "[reference(concat('Microsoft.Sql/servers/', parameters('serverName'))).fullyQualifiedDomainName]"
}
}
}
transparentDataEncryption
应该是属于SQL数据库的资源。因此我将它置于数据库模板的资源之下。
但是,在测试此模板之后,我收到以下错误消息。
Code : InvalidTemplate
Message : Deployment template validation failed: 'The template resource 'Microsoft.Sql/servers/TDETest2/databases/TDETest2' cannot reference itself. Please see http://aka.ms/arm-template-expressions/#reference for usage details.'.
这意味着透明数据加密在ARM模板中还不被支持。我发布了一项功能请求。请投票here
感谢@JeffBailey。我发现我在我的模板中犯了一个错误,在transparentDataEncryption的
dependsOn
中使用serverName而不是databaseName。该模板已更新。
1
您需要添加资源:
"resources":[
{
"name": "current",
"type": "transparentDataEncryption",
"dependsOn": [
"[parameters('databaseName')]"
],
"location": null,
"apiVersion": "2014-04-01",
"properties": {
"status": "Enabled"
}
}
]
和数据库版本必须是12版:
"resources": [
{
"name": "[parameters('serverName')]",
"type": "Microsoft.Sql/servers",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "SqlServer"
},
"apiVersion": "2014-04-01-preview",
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"version": "12.0"
},
相关问题
- 1. Azure SQL数据库的透明数据加密(TDE)
- 2. 使用Azure ARM模板导入数据库
- 3. 在SQL Azure数据库上使用SQLMetal
- 4. Azure ARM模板部署中的DSC配置数据参数
- 5. SQL Server 2008中 - 透明数据加密未解密访问
- 6. 用于在数据库池上设置警报的Azure ARM模板架构/文档
- 7. 将SQL数据库从Azure Blob Azure上传到SQL数据库
- 8. 在数据库上设置密码
- 9. 在数据透视表模板上设置过滤器
- 10. 事务复制到Azure SQL数据库 - 如何加密数据?
- 11. 试图启用JDBC数据源Oracle透明数据加密
- 12. 在sql服务器列级透明数据加密
- 13. 使用Azure CLI在SQL数据库上配置TDE 2
- 14. 数据库的Hibernate加密对应用程序完全透明
- 15. 加密的SQL数据库?
- 16. 半透明数据库
- 17. SQL Azure数据库的不同密码
- 18. 加密密钥管理软件和透明数据加密MySQL
- 19. 在SQL上使用数据透视表
- 20. Azure SQL数据库的仪表板
- 21. 使用azure datalake analytics将数据传输到azure sql数据库
- 22. 在Azure SQL数据仓库上还原数据库
- 23. 如何加密SQL Azure中的数据?
- 24. Azure的ARM dependson数据库条款
- 25. 在VBA的数据透视表模板上定义源数据
- 26. 数据库加密和数据库解密使用C#代码
- 27. 加密/解密数据到数据库
- 28. Oracle透明数据加密未解密访问
- 29. Visio - 从Azure SQL Server数据库反向设计数据库模型 - 崩溃
- 30. 加密数据库上的密码
感谢工作@Jack曾 –
其实,我也得使用你的模板工作。您的transparentDataEncryption应该取决于[参数('databaseName')]而不是serverName。对资源部分没有智能感知/模式支持,但至少可以工作!感谢您的帮助@Jack Zeng –
感谢您的指点。这是使用serverName的错字。我会更新答案。 –