Instead of relying on the built-in certificates for protection, you can use your own keys to control the process. To do this, the key must be stored in Azure and the server must have permission to access the key vault. Then, perform the following steps:
- Navigate to the Azure SQL Server on which you want to configure this service.
- Navigate to transparent data encryption, and configure the following:
  - Use your own key: Select yes to enable it.
  - Specify the key: You can either choose Select key to manually specify the key vault and the key itself, or choose Enter key identifier and provide the key identifier, which is formatted as https://{keyvaultname}.vault.azure.net/keys/{keyname}/{versionguid} ...
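
A check that can be run on a key identifier before it is entered in the Enter key identifier field, as an added Python example (not part of the original text). The vault, key and version rules are assumptions based on Key Vault naming limits and the public-cloud host suffix shown above, and the sample URL is constructed.

```python
import re
from urllib.parse import urlsplit

VAULT_SUFFIX = ".vault.azure.net"  # public-cloud host suffix, as in the text
# Assumed Key Vault naming limits: vault 3-24 chars, key 1-127, version 32 hex.
VAULT_RE = re.compile(r"^(?!.*--)[a-z][a-z0-9-]{1,22}[a-z0-9]$")
KEY_RE = re.compile(r"^[A-Za-z0-9-]{1,127}$")
VERSION_RE = re.compile(r"^[0-9a-fA-F]{32}$")


def parse_key_identifier(kid: str) -> dict:
    """Split a key identifier into vault, key and version, or raise ValueError."""
    url = urlsplit(kid.strip())
    if url.scheme != "https":
        raise ValueError("key identifier must use https")
    # Reject userinfo, explicit ports, query strings and fragments outright.
    if "@" in url.netloc or ":" in url.netloc or url.query or url.fragment:
        raise ValueError("unexpected userinfo, port, query or fragment")
    host = url.netloc.lower()
    # Matching the end of the full host name rejects lookalike hosts such as
    # myvault.vault.azure.net.example.com.
    if not host.endswith(VAULT_SUFFIX):
        raise ValueError("host is not a *.vault.azure.net key vault")
    vault = host[: -len(VAULT_SUFFIX)]
    if not VAULT_RE.match(vault):
        raise ValueError("invalid key vault name: %r" % vault)
    parts = url.path.split("/")
    # The format in the text includes the version, so a versionless URL fails.
    if len(parts) != 4 or parts[0] != "" or parts[1] != "keys":
        raise ValueError("path must be /keys/{keyname}/{versionguid}")
    key, version = parts[2], parts[3]
    if not KEY_RE.match(key):
        raise ValueError("invalid key name: %r" % key)
    if not VERSION_RE.match(version):
        raise ValueError("version must be 32 hex characters")
    return {
        "vault": vault,
        "key": key,
        "version": version,
        # Azure SQL names the resulting server key vault_key_version.
        "server_key_name": "%s_%s_%s" % (vault, key, version),
    }


if __name__ == "__main__":
    # Constructed sample identifier, not a real vault or key.
    sample = ("https://contoso-kv.vault.azure.net/keys/tde-protector/"
              "0123456789abcdef0123456789abcdef")
    print(parse_key_identifier(sample))
```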