Set-AzSqlServerTransparentDataEncryptionProtector

Sets the Transparent Data Encryption (TDE) protector for a SQL server.

Syntax

Set-AzSqlServerTransparentDataEncryptionProtector
   [-Type] <EncryptionProtectorType>
   [[-KeyId] <String>]
   [-AutoRotationEnabled <Boolean>]
   [-Force]
   [-AsJob]
   [-ServerName] <String>
   [-ResourceGroupName] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzSqlServerTransparentDataEncryptionProtector cmdlet sets the TDE protector for a SQL server. Changing the TDE protector type will rotate the protector.

Examples

Example 1: Set the Transparent Data Encryption (TDE) protector type to ServiceManaged

Set-AzSqlServerTransparentDataEncryptionProtector -Type ServiceManaged -ServerName 'ContosoServer' -ResourceGroupName 'ContosoResourceGroup'

ResourceGroupName    ServerName                   Type ServerKeyVaultKeyName
-----------------    ----------                   ---- ---------------------
ContosoResourceGroup ContosoServer      ServiceManaged ServiceManaged

This command updates a server's TDE protector type to Service Managed.

Example 2: Set the Transparent Data Encryption protector type to Azure Key Vault

Set-AzSqlServerTransparentDataEncryptionProtector -Type AzureKeyVault -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901' -ServerName 'ContosoServer' -ResourceGroupName 'ContosoResourceGroup'

ResourceGroupName    ServerName                   Type ServerKeyVaultKeyName
-----------------    ----------                   ---- ---------------------
ContosoResourceGroup ContosoServer       AzureKeyVault contoso_contosokey_01234567890123456789012345678901

This command updates a server to use the Server Key Vault Key with Id 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901' as the TDE protector.

Example 3

Sets the Transparent Data Encryption (TDE) protector for a SQL server. (autogenerated)

Set-AzSqlServerTransparentDataEncryptionProtector -AutoRotationEnabled $false -KeyId 'https://contoso.vault.azure.net/keys/contosokey/0000000000000000000000000000000000000' -ResourceGroupName 'ContosoResourceGroup' -ServerName 'ContosoServer' -Type AzureKeyVault

Parameters

-AsJob

Run cmdlet in the background

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AutoRotationEnabled

The key auto rotation opt-in status.

Type:Nullable<T>[Boolean]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

Skip confirmation message for performing the action

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KeyId

The Azure Key Vault KeyId.

Type:String
Position:3
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ResourceGroupName

The name of the resource group

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ServerName

The Azure Sql Server name.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Type

The Azure Sql Database TDE protector type.

Type:EncryptionProtectorType
Accepted values:AzureKeyVault, ServiceManaged
Position:2
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

EncryptionProtectorType

String

Outputs

AzureSqlServerTransparentDataEncryptionProtectorModel