Question

Is it possible to audit/log any attempts or actual changes to the keys used in the encryption hierarchy?

We are using 2014 Enterprise edition and have recently enabled TDE across our databases, and would like to add changes to the encryption keys to our auditing.

As we have recently upgraded to enterprise edition to allow us to enable TDE, I wondered if SQL Server Audit would have this out of the box?


Solution

Turns out SQL Server Audit has this out of the box.

Querying the contents of sys.dm_audit_actions revealed all the audit actions available and the audit action types that I needed to add to the audit.

sys.dm_audit_actions

Once I added DATABASE_OBJECT_CHANGE_GROUP and SERVER_OBJECT_CHANGE_GROUP to my audit and enabled it, they appeared in the log.

audit specification
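The setup described in the answer, written out as T-SQL. This is an added example, not the original poster's script: the audit name, specification name, file path and the LIKE filters are placeholders chosen for illustration, and both action groups are attached at server level so that every database is covered.

```sql
-- Added example. Audit_KeyChanges, AuditSpec_KeyChanges and the
-- X:\SQLAudit\ path are hypothetical; substitute your own.
USE master;
GO

-- 1. List the audit actions that relate to keys and certificates and the
--    action group that contains each one (the LIKE filter is illustrative).
SELECT name, class_desc, containing_group_name
FROM sys.dm_audit_actions
WHERE class_desc LIKE '%KEY%'
   OR class_desc LIKE '%CERTIFICATE%'
ORDER BY containing_group_name, class_desc, name;
GO

-- 2. Create the audit target (a file here; the log destination is a choice).
CREATE SERVER AUDIT Audit_KeyChanges
TO FILE (FILEPATH = N'X:\SQLAudit\')
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO

-- 3. Attach the two action groups named in the answer and switch the
--    specification on.
CREATE SERVER AUDIT SPECIFICATION AuditSpec_KeyChanges
FOR SERVER AUDIT Audit_KeyChanges
    ADD (SERVER_OBJECT_CHANGE_GROUP),
    ADD (DATABASE_OBJECT_CHANGE_GROUP)
WITH (STATE = ON);
GO

-- 4. Enable the audit itself; nothing is written until this is done.
ALTER SERVER AUDIT Audit_KeyChanges WITH (STATE = ON);
GO

-- 5. Read the log back. succeeded = 0 rows are attempts that failed,
--    succeeded = 1 rows are changes that were actually made.
SELECT event_time, succeeded, action_id, class_type,
       server_principal_name, database_name, object_name, statement
FROM sys.fn_get_audit_file(N'X:\SQLAudit\*.sqlaudit', DEFAULT, DEFAULT)
WHERE statement LIKE '%KEY%'
   OR statement LIKE '%CERTIFICATE%'
ORDER BY event_time DESC;
GO
```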

Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange