USE Master
GO
--Assign Password to the instance
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'password';
--Create the certificate for the database
CREATE CERTIFICATE tdeCert WITH SUBJECT = 'TDE_Certificate';
--Create a backup to allow the password to be recovered
BACKUP CERTIFICATE tdeCert TO FILE = 'E:\backups\20140221_tdeCert.crt'
WITH PRIVATE KEY (
FILE = 'tdeCert',
ENCRYPTION BY PASSWORD = 'Password123');
USE [target database]
GO
--Use the certificate produced to assign it to the database
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER CERTIFICATE tdeCert;
--Start the encryption
ALTER DATABASE [target database] SET ENCRYPTION ON;
