Configure Transparent Data Encryption for Sitecore Forms

Abstract

Protect your form data using Transparent Data Encryption (TDE).

Sitecore Forms supports Transparent Data Encryption (TDE) to protect submitted form data. TDE encrypts the database at the file level, which protects the data at rest.

Important

Sitecore Forms does not support Always Encrypted configuration.

When you run Sitecore Forms on Azure, TDE is enabled by default for all newly deployed Azure SQL databases. For Sitecore on-premises solutions, TDE is not enabled by default. This topic describes how to enable and configure TDE for on-premises solutions.

Note

For merged replications on Sitecore Forms databases, you must enable TDE on all databases and configure TDE on each publisher and subscriber.

To configure TDE for the Sitecore Forms database:

  1. Create a Master Key and a certificate by using the following SQL script:

    
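    USE master;
    GO

    -- The database master key in master protects the certificate's private key.
    CREATE MASTER KEY
    ENCRYPTION BY PASSWORD = '<your-password>';
    GO

    -- Server certificate that will protect the database encryption key.
    CREATE CERTIFICATE <your-cert-name> WITH
    SUBJECT = '<your-cert-subject>';
    GO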
    
    
  2. Enable encryption on the Sitecore Forms database using the certificate you created in the previous step.

    Important

    By default, the Sitecore Forms Database name ends with ExperienceForms.

    
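    USE instancename_ExperienceForms;
    GO

    -- Create the database encryption key, protected by the server certificate.
    CREATE DATABASE
    ENCRYPTION KEY
    WITH ALGORITHM = AES_128
    ENCRYPTION BY SERVER
    CERTIFICATE <your-cert-name>;
    GO

    -- Turn on TDE for the Forms database.
    ALTER DATABASE instancename_ExperienceForms
    SET ENCRYPTION ON;
    GO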
    
    

    Note

    For more information on setting up TDE, go to the Microsoft SQL Server documentation site.
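
The following script is an added example, not part of the original Sitecore procedure: it checks that encryption of the Forms database has completed and backs up the certificate with its private key, which SQL Server needs in order to restore or attach the encrypted database on another server. The backup path and backup password placeholders are assumptions; the database and certificate names reuse the placeholders from the steps above.

```sql
-- Added example. Placeholders in <...> must be replaced before running.
-- <backup-path> and <your-backup-password> are assumed names, not Sitecore settings.

-- 1. Check the encryption state of the Forms database.
--    encryption_state: 2 = encryption in progress, 3 = encrypted.
--    percent_complete is 0 once the background encryption scan has finished.
SELECT  d.name               AS database_name,
        d.is_encrypted,
        k.encryption_state,
        k.percent_complete,
        k.key_algorithm,
        k.key_length,
        c.name               AS protecting_certificate
FROM    sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k
        ON k.database_id = d.database_id
LEFT JOIN master.sys.certificates AS c
        ON c.thumbprint = k.encryptor_thumbprint
WHERE   d.name = N'instancename_ExperienceForms';
GO

-- 2. Back up the certificate and its private key.
--    Store both files and the password away from the database backups:
--    anyone holding all three can read a restored copy of the form data.
USE master;
GO
BACKUP CERTIFICATE <your-cert-name>
TO FILE = '<backup-path>\<your-cert-name>.cer'
WITH PRIVATE KEY (
    FILE = '<backup-path>\<your-cert-name>.pvk',
    ENCRYPTION BY PASSWORD = '<your-backup-password>'
);
GO

-- 3. Confirm that the private key backup was recorded and note the
--    certificate's expiry date.
SELECT  name,
        thumbprint,
        expiry_date,
        pvt_key_last_backup_date
FROM    sys.certificates
WHERE   name = N'<your-cert-name>';
GO
```

A row with no `encryption_state` in the first query means no database encryption key exists for that database, so step 2 of the procedure has not been applied to it.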