USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'ComplexP@ssw0rd!';
CREATE CERTIFICATE BackupCert
WITH SUBJECT = 'Encrypted Backup', EXPIRY_DATE = '2026-12-31';

BACKUP DATABASE SalesDB
TO DISK = 'E:\Backups\Local\SalesDB_Full.bak'
WITH FORMAT, COMPRESSION, ENCRYPTION
  (ALGORITHM = AES_256, SERVER CERTIFICATE = BackupCert),
  STATS = 10;

BACKUP DATABASE SalesDB
TO DISK = 'E:\Backups\Local\SalesDB_Diff.bak'
WITH DIFFERENTIAL, COMPRESSION, STATS = 10;

BACKUP LOG SalesDB
TO DISK = 'E:\Backups\Local\SalesDB_Log.trn'
WITH COMPRESSION, STATS = 10;

$azStorage = 'https://.blob.core.windows.net/sqlbackups'
$sasToken  = '?sv=...'
azcopy copy "E:\Backups\Local\SalesDB_Full.bak" "$azStorage/SalesDB_Full.bak$sasToken"

RESTORE VERIFYONLY FROM DISK = 'E:\Backups\Local\SalesDB_Full.bak';

RESTORE DATABASE SalesDB_DR
FROM DISK = 'E:\Backups\Local\SalesDB_Full.bak'
WITH NORECOVERY;
RESTORE LOG SalesDB_DR
FROM DISK = 'E:\Backups\Local\SalesDB_Log.trn'
WITH RECOVERY;

resource "azurerm_mssql_database" "sales" {
  name           = "SalesDB"
  server_id      = azurerm_mssql_server.main.id
  collation      = "SQL_Latin1_General_CP1_CI_AS"
  backup_storage_redundancy = "Zone"
}