TDE encryption involves a private encryption key and certificate on the Master database. Start by restoring the encryption certificate to the SQL Server instance used by Windocks to create SQL Server containers (the instance name is listed in \windocks\config\node.conf). Items needed include the source encryption certificate, private key, and password.
You can get these by running the following SQL on the source server, where the TDE database lives (typically production).
On the server running Windocks,
Open services.msc, stop the Windocks service
Start the SQL Server instance listed in \windocks\config\node.conf
In Services, get the name of the account running this SQL Server instance, for example NT SERVICE\MSSQLSERVER
In File Explorer, navigate to the directory containing the private key and certificate. Provide full permissions on these files and directory to the account running the SQL Server instance
Start SQL Management Studio, connect to that instance and run the following scripts
Create a file named tdesetup.sqlsys. (The .sqlsys extension ensures that the script is run before any database specific attaches):
Create a file named dockerfile as follows:dockerfile
In a command line on the Windocks server, build the image. You may also build with the web application or via REST API
docker build -t yourimagename path\to\directory\containing\dockerfile
After that you can create containers from the image using docker run -d yourimagename or from the web application or from the REST API. Containers delivered from this image will support TDE encrypted databases, based on the source certificate and key.