Configure Transparent Data Encryption for Sitecore Forms
Sitecore Forms supports Transparent Data Encryption (TDE) to protect submitted form data. TDE encrypts data at the file level and addresses the problem of protecting data at rest.
Sitecore Forms does not support Always Encrypted configuration.
When you run Sitecore Forms on Azure, by default, TDE is enabled for all newly deployed Azure SQL databases. For Sitecore on-premise solutions, TDE is not enabled by default. This topic describes how to enable and configure TDE for on-premise solutions.
For merged replications on Sitecore Forms databases, you must enable TDE on all databases and configure TDE on each publisher and subscriber.
To configure TDE for the Sitecore Forms database:
- Create a Master Key and a certificate by using the following SQL script:

    USE master;
    GO
    -- The master key protects the private key of the certificate created below.
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<your-password>';
    GO
    CREATE CERTIFICATE <your-cert-name> WITH SUBJECT = '<your-cert-subject>';
    GO

- Enable the encryption on the Sitecore Forms Database using the certificate you created in the previous step.

  Important: By default, the Sitecore Forms Database name ends with ExperienceForms.

    USE instancename_ExperienceForms;
    GO
    -- The database encryption key is protected by the server certificate from the previous step.
    CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_128 ENCRYPTION BY SERVER CERTIFICATE <your-cert-name>;
    GO
    ALTER DATABASE instancename_ExperienceForms SET ENCRYPTION ON;
    GO

Note: For more information on setting up TDE, go to the Microsoft SQL Server documentation site.
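To confirm the result of the two steps above, the following T-SQL checks the encryption state of the Forms database and backs up the certificate with its private key, which is required to restore or attach the encrypted database on another server. This is an added example, not part of the original Sitecore topic; `<backup-path>` and `<backup-password>` are placeholders, and the database and certificate names are the ones used in the steps above.

```sql
-- Added example: verify TDE and back up the protecting certificate.
-- Placeholders to replace: instancename_ExperienceForms, <your-cert-name>,
-- <backup-path>, <backup-password>.
USE master;
GO

-- 1. Check the encryption state and which certificate protects the database key.
--    tempdb is listed too because SQL Server encrypts it once any database
--    on the instance uses TDE.
SELECT  d.name              AS database_name,
        k.encryption_state, -- 2 = encryption in progress, 3 = encrypted
        k.percent_complete, -- progress of the initial encryption scan
        k.key_algorithm,
        k.key_length,
        c.name              AS protecting_certificate,
        c.expiry_date,
        c.pvt_key_last_backup_date -- NULL = private key has never been backed up
FROM    sys.dm_database_encryption_keys AS k
JOIN    sys.databases AS d
        ON d.database_id = k.database_id
LEFT JOIN sys.certificates AS c
        ON c.thumbprint = k.encryptor_thumbprint
WHERE   d.name IN (N'instancename_ExperienceForms', N'tempdb');
GO

-- 2. Back up the certificate and its private key. Store the files and the
--    password away from the database backups; without them an encrypted
--    backup cannot be restored on another instance.
BACKUP CERTIFICATE <your-cert-name>
    TO FILE = '<backup-path>\<your-cert-name>.cer'
    WITH PRIVATE KEY (
        FILE = '<backup-path>\<your-cert-name>.pvk',
        ENCRYPTION BY PASSWORD = '<backup-password>'
    );
GO
```

For merged replications, run the check on each publisher and subscriber; every Forms database should report an encryption state of 3.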