transparentDataEncryptionKeyVaultKeyId

The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.

Note: To successfully deploy a Microsoft SQL Database in CMK/BYOK TDE the Key Vault must have Soft-delete and purge protection enabled to protect from data loss due to accidental key and/or key vault deletion. The Key Vault and the Microsoft SQL Server User Managed Identity Instance must belong to the same Azure Active Directory tenant.