Table: azure_sql_server_encryption_protectors

This table shows data for Azure SQL Server Encryption Protectors.

https://learn.microsoft.com/en-us/rest/api/sql/2021-11-01/encryption-protectors/list-by-server?tabs=HTTP#encryptionprotector (opens in a new tab)

The primary key for this table is id.

Relations

This table depends on azure_sql_servers.

Columns

NameType
_cq_iduuid
_cq_parent_iduuid
subscription_idutf8
propertiesjson
id (PK)utf8
kindutf8
locationutf8
nameutf8
typeutf8

Example Queries

These SQL queries are sampled from CloudQuery policies and are compatible with PostgreSQL.

Ensure SQL server"s TDE protector is encrypted with Customer-managed key (Automated)

SELECT
  'Ensure SQL server"s TDE protector is encrypted with Customer-managed key (Automated)'
    AS title,
  s.subscription_id,
  s.id AS server_id,
  CASE
  WHEN p.kind != 'azurekeyvault'
  OR p.properties->>'serverKeyType' IS DISTINCT FROM 'AzureKeyVault'
  OR (p.properties->>'uri') IS NULL
  THEN 'fail'
  ELSE 'pass'
  END
FROM
  azure_sql_servers AS s
  LEFT JOIN azure_sql_server_encryption_protectors AS p ON
      s._cq_id = p._cq_parent_id;