是否可以使用ARM json模板爲SQL Azure數據庫啓用透明數據加密?如果是這樣,怎麼樣?使用ARM模板在Azure SQL數據庫上設置透明數據加密
2
A
回答
3
模板應該看起來像這樣。
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"serverName": {
"type": "string",
"defaultValue": "TDETest2",
"metadata": {
"description": "The name of the new SQL Server to create."
}
},
"administratorLogin": {
"type": "string",
"metadata": {
"description": "The admin user of the SQL Server"
}
},
"administratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "The password of the admin user of the SQL Server"
}
},
"databaseName": {
"type": "string",
"defaultValue": "TDETest2",
"metadata": {
"description": "The name of the new database to create."
}
},
"collation": {
"type": "string",
"defaultValue": "SQL_Latin1_General_CP1_CI_AS",
"metadata": {
"description": "The database collation for governing the proper use of characters."
}
},
"edition": {
"type": "string",
"defaultValue": "Basic",
"allowedValues": [
"Basic",
"Standard",
"Premium"
],
"metadata": {
"description": "The type of database to create."
}
},
"maxSizeBytes": {
"type": "string",
"defaultValue": "1073741824",
"metadata": {
"description": "The maximum size, in bytes, for the database"
}
},
"requestedServiceObjectiveName": {
"type": "string",
"defaultValue": "Basic",
"allowedValues": [
"Basic",
"S0",
"S1",
"S2",
"P1",
"P2",
"P3"
],
"metadata": {
"description": "Describes the performance level for Edition"
}
}
},
"variables": {
},
"resources": [
{
"name": "[parameters('serverName')]",
"type": "Microsoft.Sql/servers",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "SqlServer"
},
"apiVersion": "2014-04-01-preview",
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]"
},
"resources": [
{
"name": "[parameters('databaseName')]",
"type": "databases",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "Database"
},
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[parameters('serverName')]"
],
"properties": {
"edition": "[parameters('edition')]",
"collation": "[parameters('collation')]",
"maxSizeBytes": "[parameters('maxSizeBytes')]",
"requestedServiceObjectiveName": "[parameters('requestedServiceObjectiveName')]"
},
"resources":[
{
"name": "current",
"type": "transparentDataEncryption",
"dependsOn": [
"[parameters('databaseName')]"
],
"location": null,
"apiVersion": "2014-04-01",
"properties": {
"status": "Disabled"
}
}
]
},
{
"type": "firewallrules",
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[parameters('serverName')]"
],
"location": "[resourceGroup().location]",
"name": "AllowAllWindowsAzureIps",
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
}
}
]
}
],
"outputs": {
"sqlSvrFqdn": {
"type": "string",
"value": "[reference(concat('Microsoft.Sql/servers/', parameters('serverName'))).fullyQualifiedDomainName]"
}
}
}
transparentDataEncryption
應該是屬於SQL數據庫的資源。因此我將它置於數據庫模板的資源之下。
但是,在測試此模板之後,我收到以下錯誤消息。
Code : InvalidTemplate
Message : Deployment template validation failed: 'The template resource 'Microsoft.Sql/servers/TDETest2/databases/TDETest2' cannot reference itself. Please see http://aka.ms/arm-template-expressions/#reference for usage details.'.
這意味着透明數據加密在ARM模板中還不被支持。我發佈了一項功能請求。請投票here
感謝@JeffBailey。我發現我在我的模板中犯了一個錯誤,在transparentDataEncryption的
dependsOn
中使用serverName而不是databaseName。該模板已更新。
1
您需要添加資源:
"resources":[
{
"name": "current",
"type": "transparentDataEncryption",
"dependsOn": [
"[parameters('databaseName')]"
],
"location": null,
"apiVersion": "2014-04-01",
"properties": {
"status": "Enabled"
}
}
]
和數據庫版本必須是12版:
"resources": [
{
"name": "[parameters('serverName')]",
"type": "Microsoft.Sql/servers",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "SqlServer"
},
"apiVersion": "2014-04-01-preview",
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"version": "12.0"
},
相關問題
- 1. Azure SQL數據庫的透明數據加密(TDE)
- 2. Azure SQL數據庫透明數據加密(TDE)+總是加密安全嗎?
- 3. 使用Azure ARM模板導入數據庫
- 4. Azure密鑰庫ARM模板診斷設置
- 5. 在SQL Azure數據庫上使用SQLMetal
- 6. Azure ARM模板部署中的DSC配置數據參數
- 7. Azure ARM模板
- 8. SQL Server 2008中 - 透明數據加密未解密訪問
- 9. 如何在Azure SQL數據庫上設置SQL Server Principal
- 10. 將SQL數據庫從Azure Blob Azure上傳到SQL數據庫
- 11. 用於在數據庫池上設置警報的Azure ARM模板架構/文檔
- 12. 在數據庫上設置密碼
- 13. 在數據透視表模板上設置過濾器
- 14. 事務複製到Azure SQL數據庫 - 如何加密數據?
- 15. 當移動到azure blob時透明加密數據?
- 16. 試圖啓用JDBC數據源Oracle透明數據加密
- 17. 在sql服務器列級透明數據加密
- 18. 使用Azure CLI在SQL數據庫上配置TDE 2
- 19. 使用單獨的密鑰爲每個用戶的數據加密SQL Server Azure數據庫中的數據
- 20. 數據庫的Hibernate加密對應用程序完全透明
- 21. 加密的SQL數據庫?
- 22. 半透明數據庫
- 23. 從數據庫中設置的div在HTML模板與數據
- 24. SQL Azure數據庫的不同密碼
- 25. 使用.dbproj進行發佈會關閉透明數據加密
- 26. 加密密鑰管理軟件和透明數據加密MySQL
- 27. 如何使用sql數據庫設置Azure Web服務
- 28. 在SQL上使用數據透視表
- 29. Azure SQL數據庫的儀表板
- 30. Rails加密SQL Server數據庫database.yml中的數據庫密碼
感謝工作@Jack曾 –
其實,我也得使用你的模板工作。您的transparentDataEncryption應該取決於[參數('databaseName')]而不是serverName。對資源部分沒有智能感知/模式支持,但至少可以工作!感謝您的幫助@Jack Zeng –
感謝您的指點。這是使用serverName的錯字。我會更新答案。 –