{"id":1361,"date":"2012-07-04T00:00:00","date_gmt":"2012-07-04T00:00:00","guid":{"rendered":"https:\/\/test.simple-talk.com\/uncategorized\/encrypting-your-sql-server-2012-alwayson-availability-databases\/"},"modified":"2026-04-17T19:10:03","modified_gmt":"2026-04-17T19:10:03","slug":"encrypting-your-sql-server-2012-alwayson-availability-databases","status":"publish","type":"post","link":"https:\/\/www.red-gate.com\/simple-talk\/databases\/sql-server\/database-administration-sql-server\/encrypting-your-sql-server-2012-alwayson-availability-databases\/","title":{"rendered":"TDE with SQL Server AlwaysOn: Certificate Propagation to Availability Replicas"},"content":{"rendered":"\n<div id=\"pretty\">\n<h2>Executive Summary<\/h2>\n<p><strong>Transparent Data Encryption (TDE) encrypts SQL Server database files at rest &#8211; including data files, log files, and backups &#8211; using a database encryption key (DEK) protected by a certificate stored in the master database. Adding TDE to a database that is part of an AlwaysOn Availability Group requires an additional step: the TDE certificate must be backed up and restored to every secondary replica&#8217;s master database before the secondary can decrypt and apply the encrypted log stream. This article walks through the complete process for SQL Server 2012: creating the master key, creating the TDE certificate, encrypting the database, backing up the certificate and private key, and restoring them to each secondary replica.<\/strong><\/p>\n<p class=\"start\">Previously, in my article <a href=\"http:\/\/www.simple-talk.com\/sql\/database-administration\/sql-server-2012-alwayson\/\">SQL Server 2012 AlwaysOn<\/a>, I discussed the components that make up SQL Server 2012&#8217;s AlwaysOn and how you can configure your SQL Server environment using AlwaysOn Availability Groups (AAG) to meet the ever-increasing need for &#8216;High Availability&#8217; (HA) and &#8216;Disaster Recovery&#8217; (DR). One of the benefits that I outlined was the ability to use the Enterprise Edition feature &#8216;Transparent Data Encryption&#8217; (TDE) to secure your databases.<\/p>\n<h2>Transparent Data Encryption<\/h2>\n<p><a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/bb934049.aspx\">TDE<\/a> allows you to protect your databases by performing <a href=\"https:\/\/www.red-gate.com\/simple-talk\/blogs\/unmasking-sql-server-dynamic-data-masking\/\">real-time I\/O encryption<\/a> utilising keys. This prevents anyone who does not have these keys from accessing the data. I am not going to dive into the details of TDE in this article; there are links in the <strong>References &amp; Further Reading<\/strong> section later in the article for you to get a better understanding of TDE.<\/p>\n<h2>Configuring your AlwaysOn environment<\/h2>\n<p>If you have not yet set up and configured a SQL Server 2012 AlwaysOn environment, then please have a read of my article <a href=\"http:\/\/www.simple-talk.com\/sql\/database-administration\/sql-server-2012-alwayson\/\">SQL Server AlwaysOn<\/a>. In this article I shall assume that you already have an environment set up that is already using AlwaysOn Availability Groups (AAG). Normally, if you are going to create a new AAG or need to add a database into an existing AAG, you can simply use the wizards provided in SSMS. However, if you are going to add a database that has been configured to be encrypted using TDE then you will not be able to use these wizards.<\/p>\n<p>Whether you are creating a new AAG, or you are needing to add a database that has been encrypted using TDE, there are steps that you need to complete on your SQL Server 2012 AlwaysOn Primary Replica. These are:<\/p>\n<ul>\n<li>Create a Master Key on the Primary Replica<\/li>\n<li>Backup the Master Key<\/li>\n<li>Create a Certificate protected by the Master Key<\/li>\n<li><a href=\"https:\/\/www.red-gate.com\/simple-talk\/databases\/sql-server\/database-administration-sql-server\/dba-in-training-backups-sla-and-restore-strategies\/\">Backup the Certificate<\/a><\/li>\n<li>Create a Database Encryption Key<\/li>\n<li>Enable a TDE on a Database<\/li>\n<\/ul>\n<p>Here is some example code that can be used to perform these tasks:<\/p>\n<pre class=\"theme:ssms2012 lang:tsql\">USE MASTER\nGO\n\n-- Create a Master Key\nCREATE MASTER KEY ENCRYPTION BY Password = 'P@ssw0rd1';\n\n-- Backup the Master Key\nBACKUP MASTER KEY\n\u00a0\u00a0 TO FILE = '\\\\Path\\Encryption_Backups\\MyServer_MK'\n\u00a0\u00a0 ENCRYPTION BY Password = 'P@ssword2';\n\n-- Create Certificate Protected by Master Key\nCREATE Certificate MyServer_Cert\n\u00a0\u00a0 WITH Subject = 'My DEK Certificate';\n\n-- Backup the Certificate\nBACKUP Certificate MyServer_Cert\n\u00a0\u00a0 TO FILE = '\\\\Path\\Encryption_Backups\\MyServer_Cer'\n\u00a0\u00a0 WITH Private KEY (\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 FILE = '\\\\Path\\Encryption_Backups\\MyServer_PrivKey',\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ENCRYPTION BY Password = 'P@ssword3'\n\u00a0\u00a0 );\n\n\n-- Move to the database you wish to enable TDE on\nUSE TestTDE_WithAlwaysOn\nGO\n\n-- Create a Database Encryption Key\nCREATE DATABASE ENCRYPTION KEY\n\u00a0\u00a0 WITH Algorithm = AES_128\n\u00a0\u00a0 ENCRYPTION BY Server Certificate MyServer_Cert;\n\n\n-- Enable the Database for Encryption by TDE\nALTER DATABASE TestTDE_WithAlwaysOn\n\u00a0\u00a0 SET ENCRYPTION ON;<\/pre>\n<p>We need to undertake some configuration steps on the Secondary Replicas in order to allow us to be able to replicate the Availability Databases. We need to:<\/p>\n<ul>\n<li>Create a Master Key on the Secondary Replica<\/li>\n<li>Backup the Master Key<\/li>\n<li>Create Certificate from the Primary Replica<\/li>\n<\/ul>\n<p>Here is some example code that can be used to perform these tasks:<\/p>\n<pre class=\"theme:ssms2012 lang:tsql\">USE MASTER\nGO\n\n-- Create a Master Key\nCREATE MASTER KEY ENCRYPTION BY Password = 'P@ssw0rd1';\n\n-- Backup the Master Key\nBACKUP MASTER KEY\n\u00a0\u00a0 TO FILE = '\\\\Path\\Encryption_Backups\\MyServer2_MK'\n\u00a0\u00a0 ENCRYPTION BY Password = 'P@ssword2';\n\n-- Create Certificate Protected by Master Key\nCREATE Certificate MyServer2_Cert\n\u00a0\u00a0 FROM FILE = '\\\\Path\\Encryption_Backups\\MyServer_Cer'\n\u00a0\u00a0 WITH Private KEY (\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 FILE = '\\\\Path\\Encryption_Backups\\MyServer_PrivKey',\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Decryption BY Password = 'P@ssword3'\n\u00a0\u00a0 );<\/pre>\n<p>The above will need to be undertaken on every Secondary Replica in the SQL Server 2012 AlwaysOn environment. After the Replicas are all configured with the Certificate, the encrypted database(s) can then be made available on all of the Replicas.<\/p>\n<p>When we are using the &#8216;New Availability Group Wizard&#8217;, we have to select those database(s) which will participate in the AlwaysOn Availability Group. If one of the databases has been enabled for encryption utilising TDE, we will not be able to use the wizard to create the AlwaysOn Availability Group. To achieve this, we need to use T-SQL or PowerShell to create the Availability Group.<\/p>\n<p>This T-SQL Code (to run in SQLCMD mode in SSMS) will manually create an Availability Group:<\/p>\n<p>&#8212; The following code needs to be run using SQLCMD Mode<\/p>\n<pre class=\"theme:ssms2012 lang:tsql\">-- The following code needs to be run using SQLCMD Mode \n:Connect PrimaryReplicaServer\n\nUSE MASTER\nGO\n\n-- 1\/ Create AlwaysOn AAG with TDE enabled database\nCREATE Availability GROUP [SQL2012_TDE]\n\u00a0\u00a0 WITH (Automated_Backup_Preference = Secondary)\n\u00a0\u00a0 FOR DATABASE [TestTDE_WithAlwaysOn]\n\u00a0\u00a0 Replica ON N'PrimaryReplicaServer'\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 WITH (Endpoint_URL = N'TCP:\/\/PrimaryReplicaServer.Domain1.Com:5022',\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Failover_Mode = Manual,\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Availability_Mode = Asynchronous_Commit,\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Backup_Priority = 50,\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Secondary_Role(Allow_Connections = ALL)\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ),\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 N'SecondaryReplicaServer'\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 WITH (Endpoint_URL = N'TCP:\/\/SecondaryReplicaServer.Domain1.Com:5022',\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Failover_Mode = Manual,\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Availability_Mode = Asynchronous_Commit,\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Backup_Priority = 50,\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Secondary_Role(Allow_Connections = ALL)\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 );\nGO\n\n:Connect SecondaryReplicaServer\n\n-- 2\/ Join the Secondary Replica to the Newly Created AAG.\nALTER Availability GROUP [SQL2012_TDE] JOIN;\nGO\n\n:Connect PrimaryReplicaServer\n\n-- 3\/ Create a Full Backup\nBACKUP DATABASE [TestTDE_WithAlwaysOn]\nTO DISK = '\\\\Path\\AlwaysOn_Backups\\TestTDE_WithAlwaysOn_DB.bak'\nWITH Copy_Only;\n\nGO\n\n:Connect SecondaryReplicaServer\n\n-- 4\/ Start the restoration process to bring your database to a synchronised state\nRESTORE DATABASE [TestTDE_WithAlwaysOn]\nFROM DISK = '\\\\Path\\AlwaysOn_Backups\\TestTDE_WithAlwaysOn_DB.bak'\nWITH NoRecovery;\n\nGO\n\n:Connect PrimaryReplicaServer\n\n-- 5\/ Create a TLog Backup\nBACKUP LOG [TestTDE_WithAlwaysOn]\nFROM DISK = '\\\\Path\\AlwaysOn_Backups\\TestTDE_WithAlwaysOn_TL.bak';\n\nGO\n\n:Connect SecondaryReplicaServer\n\n-- 6\/ Start the restoration process to bring your database to a synchronised state\nRESTORE LOG [TestTDE_WithAlwaysOn]\nFROM DISK = '\\\\Path\\AlwaysOn_Backups\\TestTDE_WithAlwaysOn_DB.bak'\nWITH NoRecovery;\n\nGO\n\n:Connect SecondaryReplicaServer\n\n-- 7\/ Join the Database to the AAG and bring it into the readable synchronised state.\nALTER DATABASE [TestTDE_WithAlwaysOn]\n\u00a0\u00a0 SET HADR Availability GROUP = [SQL2012_TDE];\n\nGO<\/pre>\n<p>Alternatively if you prefer to use PowerShell here is some code to manually create an Availability Group:<\/p>\n<pre class=\"\">Import-Module \"SQLPS\" -DisableNameChecking\n\n# Create Full Database Backup\n\nBackup-SQLDatabase -Database \"TestTDE_WithAlwaysOn\" -BackupFile \n\"\\\\Path\\AlwaysOn_Backups\\TestTDE_WithAlwaysOn_DB.bak\" -ServerInstance \"ServerCoreNode1\"<\/pre>\n<pre># Create TLog backup\n\nBackup-SQLDatabase -Database \"TestTDE_WithAlwaysOn\" -BackupFile \n\"\\\\Path\\AlwaysOn_Backups\\TestTDE_WithAlwaysOn_TL.bak\" -ServerInstance \"ServerCoreNode1\" -BackupAction Log<\/pre>\n<pre class=\"\"># Restore Database and Log on Secondary (NoRecovery)\n\nRestore-SQLDatabase -Database \"TestTDE_WithAlwaysOn\" -BackupFile \n\"\\\\Path\\AlwaysOn_Backups\\TestTDE_WithAlwaysOn_DB.bak\" -ServerInstance \"ServerCoreNode2\" -NoRecovery\n\nRestore-SQLDatabase -Database \"TestTDE_WithAlwaysOn\" -BackupFile \n\"\\\\Path\\AlwaysOn_Backups\\TestTDE_WithAlwaysOn_TL.bak\" -ServerInstance \"ServerCoreNode2\" -RestoreAction Log -NoRecovery<\/pre>\n<pre># Create an In-Memory representation of Primary Replica\n\n$PrimaryReplica = New-SQLAvailabilityReplica -Name \"ServerCoreNode1\" -EndPointURL \n\"TCP:\/\/ServerCoreNode1.Test.Com:5022\" -AvailabilityMode \"AsynchronousCommit\" -FailoverMode \"Manual\" -Version 11 -AsTemplate<\/pre>\n<pre class=\"\"># Create an In-Memory representation of Secondary Replica\n\n$SecondaryReplica = New-SQLAvailabilityReplica -Name \"ServerCoreNode2\" -EndPointURL \n\"TCP:\/\/ServerCoreNode2.Test.Com:5022\" -AvailabilityMode \"AsynchronousCommit\" -FailoverMode \"Manual\" -Version 11 -AsTemplate<\/pre>\n<pre class=\"\"># Create the Availability Group\n\nNew-SQLAvailabilityGroup -Name \"SQL2012_TDE\" -Path \"SQLServer:\\SQL\\ServerCoreNode1\\Default\" -AvailabilityReplica @($PrimaryReplica,$SecondaryReplica) -Database \"TestTDE_WithAlwaysOn\"<\/pre>\n<pre>#Join the Secondary Replica to the Availability Group\n\nJoin-SQLAvailabilityGroup -Path \"SQLServer:\\SQL\\ServerCoreNode2\\Default\" -Name \"SQL2012_TDE\"<\/pre>\n<pre># Join the Secondary Database to the Availability Group\n\nAdd-SQLAvailabilityDatabase -Path \"SQLServer:\\SQL\\ServerCoreNode2\\Default\\AvailabilityGroups\\SQL2012_TDE\" -Database \"TestTDE_WithAlwaysOn\"<\/pre>\n<p>If we already have an AAG, and we need to add a database that has been configured for encryption, then a slight modification to the T-SQL code above will allow us to achieve this. Swap Steps 1 &amp; 2 in the T-SQL Code above for the code below:<\/p>\n<pre class=\"theme:ssms2012 lang:tsql\">-- The following code needs to be run using SQLCMD Mode \n\n:Connect PrimaryReplicaServer\n-- Add your database to the Existing Availability Group\nALTER AVAILABILITY GROUP [SQL2012_TDE] ADD DATABASE [TestTDE_WithAlwaysOn];\nGO<\/pre>\n<p>We have now configured the environment to have an Encrypted database participate in a SQL Server 2012 AlwaysOn Availability Group.<\/p>\n<h2>References &amp; Further Reading<\/h2>\n<ul class=\"reference-list\">\n<li>Transparent Data Encryption &#8211; <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/bb934049.aspx\">http:\/\/msdn.microsoft.com\/en-us\/library\/bb934049.aspx<\/a><\/li>\n<li>Create Master Key &#8211; <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/ms174382.aspx\">http:\/\/technet.microsoft.com\/en-us\/library\/ms174382.aspx<\/a><\/li>\n<li>Create Certificates &#8211; <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/ms187798.aspx\">http:\/\/msdn.microsoft.com\/en-us\/library\/ms187798.aspx<\/a><\/li>\n<li>Create Database Master Key &#8211; <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/aa337551.aspx\">http:\/\/technet.microsoft.com\/en-us\/library\/aa337551.aspx<\/a><\/li>\n<li>Move a TDE protected Database &#8211; <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/ff773063.aspx\">http:\/\/technet.microsoft.com\/en-us\/library\/ff773063.aspx<\/a><\/li>\n<li>Backup Master Keys &#8211; <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/ms174387.aspx\">http:\/\/technet.microsoft.com\/en-us\/library\/ms174387.aspx<\/a><\/li>\n<li>Backup Certificates &#8211; <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/ms178578.aspx\">http:\/\/msdn.microsoft.com\/en-us\/library\/ms178578.aspx<\/a><\/li>\n<li>Manually Prepare a DB for for AAG&#8217;s &#8211; <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/ff878349.aspx\">http:\/\/msdn.microsoft.com\/en-us\/library\/ff878349.aspx<\/a><\/li>\n<li>Encrypted Databases with AAG&#8217;s &#8211; <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/hh510178.aspx\">http:\/\/msdn.microsoft.com\/en-us\/library\/hh510178.aspx<\/a><\/li>\n<li>Create an AAG with PowerShell &#8211; <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/gg492181.aspx\">http:\/\/msdn.microsoft.com\/en-us\/library\/gg492181.aspx<\/a><\/li>\n<\/ul>\n<\/div>\n\n\n\n<section id=\"faq\" class=\"faq-block my-5xl\">\n    <h2>FAQs: Encrypting Your SQL Server 2012 AlwaysOn Availability Databases<\/h2>\n\n                        <h3 class=\"mt-4xl\">1. How do I add Transparent Data Encryption to a SQL Server AlwaysOn database?<\/h3>\n            <div class=\"faq-answer\">\n                <p>On the primary replica: (1) Create a master key in the master database if one doesn&#8217;t exist. (2) Create a certificate protected by the master key. (3) Create a database encryption key (DEK) on the target database using the certificate. (4) Enable encryption: ALTER DATABASE [dbname] SET ENCRYPTION ON. Then propagate to secondary replicas: (5) Back up the certificate and private key from the primary with BACKUP CERTIFICATE. (6) On each secondary replica, restore the certificate from the backup files. Secondary replicas can then decrypt the encrypted log stream.<\/p>\n            <\/div>\n                    <h3 class=\"mt-4xl\">2. What is Transparent Data Encryption in SQL Server?<\/h3>\n            <div class=\"faq-answer\">\n                <p>TDE encrypts the physical files of a SQL Server database at rest &#8211; the .mdf, .ndf, and .ldf files &#8211; so that someone with physical access to the files cannot read the data without the encryption keys. The encryption is transparent to the application: SQL Server decrypts data as it reads pages into the buffer pool, and the application connects normally. TDE protects against data exposure from stolen or improperly decommissioned hardware and storage, but does not protect against access by authenticated SQL Server users with appropriate permissions.<\/p>\n            <\/div>\n                    <h3 class=\"mt-4xl\">3. Do I need to do anything special for backups when using TDE?<\/h3>\n            <div class=\"faq-answer\">\n                <p>Yes. TDE-encrypted database backups are also encrypted &#8211; they cannot be restored to a server that does not have the same TDE certificate. Before setting up TDE, back up the certificate and private key using BACKUP CERTIFICATE and store them securely offline. Without this backup, you cannot restore your database to another server instance. The private key backup requires a password for protection. Keep the certificate backup and password in a secure, separate location from the database backups themselves.<\/p>\n            <\/div>\n                    <h3 class=\"mt-4xl\">4. Has the TDE and AlwaysOn process changed in newer SQL Server versions?<\/h3>\n            <div class=\"faq-answer\">\n                <p>Yes. In SQL Server 2014 and later, TDE certificates are propagated to secondary replicas more automatically, and the process of adding a TDE-encrypted database to an Availability Group has been simplified. Azure SQL Database and SQL Managed Instance handle encryption differently &#8211; encryption at rest is always on and managed by the service. For SQL Server 2016 and later, review the current Microsoft documentation for TDE + AlwaysOn configuration, as several steps described in this 2012-era article may have been superseded.<\/p>\n            <\/div>\n            <\/section>\n","protected":false},"excerpt":{"rendered":"<p>Configure Transparent Data Encryption (TDE) on SQL Server AlwaysOn Availability Databases. Covers creating the master key, certificate, and database encryption key, and propagating the certificate to secondary replicas.&hellip;<\/p>\n","protected":false},"author":210306,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[143527],"tags":[5656,4294,4178,4168,4170,4635,4150,4151,5534,5675],"coauthors":[11324],"class_list":["post-1361","post","type-post","status-publish","format-standard","hentry","category-database-administration-sql-server","tag-alwayson","tag-availability","tag-bi","tag-database","tag-database-administration","tag-powershell","tag-sql","tag-sql-server","tag-sql-server-2012","tag-tde"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/1361","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/users\/210306"}],"replies":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/comments?post=1361"}],"version-history":[{"count":11,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/1361\/revisions"}],"predecessor-version":[{"id":110042,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/1361\/revisions\/110042"}],"wp:attachment":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/media?parent=1361"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/categories?post=1361"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/tags?post=1361"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/coauthors?post=1361"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}