Azure SQL database Transparent Data Encryption (TDE) encryption disabled
Description
This policy checks that Transparent Data Encryption (TDE) is enabled for Azure SQL databases. TDE is a security feature that provides real-time encryption and decryption of data and log files to protect information at rest. If TDE is not enabled, the data stored in the Azure SQL Database is at risk of unauthorized access or data breaches. Enabling TDE therefore helps maintain the confidentiality and integrity of the data by ensuring that it can only be accessed, read or modified by authorized entities.
Code Example
```hcl
resource "azurerm_mssql_database" "tde" {
  # ...
  transparent_data_encryption_enabled = true
  # ...
}
```
Remediation
Terraform
- Resource: azurerm_mssql_database
- Arguments: transparent_data_encryption_enabled
To fix the issue of Transparent Data Encryption (TDE) not being enabled on your Azure SQL database, set the argument `transparent_data_encryption_enabled` to `true` on the `azurerm_mssql_database` resource in your Terraform configuration.
Secure code example: see the `azurerm_mssql_database` block under Code Example above.
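The following is an added example, not part of this policy page or of Checkov: a small Python check that walks a `terraform show -json` plan (the `planned_values` tree, including child modules) and reports every `azurerm_mssql_database` whose `transparent_data_encryption_enabled` is not `true`. The sample plan and the function names are my own constructions.

```python
"""Added example: flag azurerm_mssql_database resources in a Terraform plan
whose transparent_data_encryption_enabled is false or not present. The plan
JSON below is constructed by hand; it is not output from a real deployment."""
import json

RESOURCE_TYPE = "azurerm_mssql_database"
ATTRIBUTE = "transparent_data_encryption_enabled"


def iter_resources(module):
    """Yield planned resources from a module and, recursively, its child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_tde_violations(plan):
    """Return [(address, status)] for databases where TDE is not explicitly true.

    status is "disabled" when the attribute is set to false and "unspecified"
    when it is absent (or not yet known at plan time), so a reviewer can decide
    whether to rely on the provider default for that database.
    """
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        value = res.get("values", {}).get(ATTRIBUTE)
        if value is True:
            continue
        findings.append((res["address"], "unspecified" if value is None else "disabled"))
    return findings


# Constructed sample plan: one compliant database, one explicitly disabled,
# and one in a child module that does not set the attribute at all.
SAMPLE_PLAN = json.loads("""{
  "planned_values": {"root_module": {
    "resources": [
      {"address": "azurerm_mssql_database.ok", "type": "azurerm_mssql_database",
       "values": {"name": "ok", "transparent_data_encryption_enabled": true}},
      {"address": "azurerm_mssql_database.bad", "type": "azurerm_mssql_database",
       "values": {"name": "bad", "transparent_data_encryption_enabled": false}}
    ],
    "child_modules": [{"address": "module.app", "resources": [
      {"address": "module.app.azurerm_mssql_database.implicit",
       "type": "azurerm_mssql_database", "values": {"name": "implicit"}}
    ]}]
  }}
}""")

if __name__ == "__main__":
    for address, status in find_tde_violations(SAMPLE_PLAN):
        print(f"{address}: TDE {status}")
```

Feed it the JSON from `terraform show -json tfplan` to run the same check against a real plan.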
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0782 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AZURE_25 |