TDE on replicated databases

From MSDN:

Replication does not automatically replicate data from a TDE-enabled database in an encrypted form. You must separately enable TDE if you want to protect the distribution and subscriber databases. Snapshot replication, as well as the initial distribution of data for transactional and merge replication, can store data in unencrypted intermediate files; for example, the bcp files. During transactional or merge replication, encryption can be enabled to protect the communication channel.

Also, a suggested read here.

Yes, you can use TDE with replication as explained here.

TDE is file-level encryption. This means TDE encrypts and decrypts at the disk level where the data and log files are retained. Replication is managed in a combination of the system databases and the user database level and, in reality, has no awareness of the file storage. The same holds when we discuss any type of replication, such as peer-to-peer, transactional or merge replication.


Yes, TDE is at the database level and the encryption is not automatically synced to the subscriber. See: Transparent Data Encryption (TDE) - Transparent Data Encryption and Replication
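Because TDE has to be enabled separately on the distribution and subscriber databases, as the answers above say, the following T-SQL is an added example (not taken from any of the answers or from Microsoft's documentation) that checks the TDE state of replication databases on an instance and then enables TDE on a subscriber. The names SubscriberDB and TdeSubscriberCert, the passwords and the backup paths are placeholders.

```sql
-- Run on each instance in the topology (publisher, distributor, subscriber).
-- Shows the TDE state of databases involved in replication.
-- The subscriber database is named explicitly (placeholder: SubscriberDB).
SELECT d.name,
       d.is_published,
       d.is_merge_published,
       d.is_distributor,
       d.is_encrypted,
       k.encryption_state      -- 3 = encrypted, 2 = encryption in progress
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k
       ON k.database_id = d.database_id
WHERE d.is_published = 1
   OR d.is_merge_published = 1
   OR d.is_distributor = 1
   OR d.name = N'SubscriberDB';
GO

-- Enable TDE on the subscriber database.
USE master;
GO
-- Skip this statement if master already has a database master key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong password placeholder>';
GO
CREATE CERTIFICATE TdeSubscriberCert
    WITH SUBJECT = 'TDE certificate for subscriber';
GO
-- Back up the certificate and its private key: without them the
-- encrypted database cannot be restored or attached on another instance.
BACKUP CERTIFICATE TdeSubscriberCert
    TO FILE = '<backup path placeholder>\TdeSubscriberCert.cer'
    WITH PRIVATE KEY (
        FILE = '<backup path placeholder>\TdeSubscriberCert.pvk',
        ENCRYPTION BY PASSWORD = '<second strong password placeholder>');
GO
USE SubscriberDB;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeSubscriberCert;
GO
ALTER DATABASE SubscriberDB SET ENCRYPTION ON;
GO
```

TDE on these databases does not cover the intermediate snapshot files (for example, the bcp files) that the MSDN text quoted above says can be stored unencrypted; those need protection at the file-system level.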