I have two different azure subscriptions with different key vaults, sql servers, and dbs, one prod and one test. The two environments are independent from one another and don’t communicate; therefore, they both hold their own CME keys in their separate kvs. From time to time I would like to take a BACPAC of the prod environment and migrate that to the test environment. The issue I’m running into is that the always encrypt would be off since the two subscriptions can’t communicate. I tried to see if there was a way for me to duplicate the prod CME in the test environment, but I couldn’t seem to find anything. Does anybody have any suggestions, or know if there are tools within azure that will decrypt, migrate, and encrypt the data using the correct keys?