Transparent Data Encryption (TDE) performs real-time I/O encryption and decryption of data and log files. This encryption uses a database encryption key (DEK), which is stored in the database boot record for recovery purposes. A DEK is a symmetric key protected with a certificate stored in the server's master database, or an asymmetric key protected by an EKM module. TDE protects data "at rest," that is, data and log files.
1. Create a database master key in the database
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong password>';
GO
2. Verify that the new key exists ##MS_DatabaseMasterKey##:
SELECT * FROM sys.symmetric_keys;
GO
3. Create or obtain a certificate protected by a master key
CREATE CERTIFICATE CertTest with SUBJECT = 'Test Certificate'
GO
You can see it after executing