transparentDataEncryptionKeyVaultKeyId

The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.

Note: To successfully deploy a Microsoft SQL Server in CMK/BYOK TDE the Key Vault must have Soft-delete and purge protection enabled to protect from data loss due to accidental key and/or key vault deletion. The Key Vault and the Microsoft SQL Server User Managed Identity Instance must belong to the same Azure Active Directory tenant. Note: Cross-tenant Key Vault and Microsoft SQL Server interactions are not supported. Please see the product documentation for more information. Note: When using a firewall with a Key Vault, you must enable the option Allow trusted Microsoft services to bypass the firewall.