New-SqlAzureKeyVaultColumnMasterKeySettings
Creates a SqlColumnMasterKeySettings object describing an asymmetric key stored in Azure Key Vault.
Syntax
New-SqlAzureKeyVaultColumnMasterKeySettings
[-KeyUrl] <String>
[-Signature <String>]
[-AllowEnclaveComputations]
[<CommonParameters>]
Description
The New-SqlAzureKeyVaultColumnMasterKeySettings cmdlet creates a SqlColumnMasterKeySettings object that references a key, stored in Azure Key Vault, which is intended to be used as a column master key for the Always Encrypted feature.
Note: This cmdlet is only available in PowerShell 5.
Examples
Example 1: Create a simple SqlColumnMasterKeySettings object
PS C:\> $CMKSettings = New-SqlAzureKeyVaultColumnMasterKeySettings -KeyUrl "https://myvault.vault.contoso.net:443/keys/CMK/4c05f1a41b12488f9cba2ea964b6a700"
This command creates a SqlColumnMasterKeySettings object that references a key in Azure Key Vault and stores the result in the variable named $CMKSettings.
Example 2: Create a SqlColumnMasterKeySettings with auto-signed properties allowing enclave computations
PS C:\> $CMKSettings = New-SqlAzureKeyVaultColumnMasterKeySettings -KeyUrl "https://myvault.vault.contoso.net:443/keys/CMK/4c05f1a41b12488f9cba2ea964b6a700" -AllowEnclaveComputations
This command creates a SqlColumnMasterKeySettings object that references a key in Azure Key Vault and stores the result in the variable named $CMKSettings. The key allows enclave computations. Since the signature parameter is not specified, the cmdlet automatically computes the signature and populates the Signature property of the SqlColumnMasterKeySettings object.
Example 3: Create a SqlColumnMasterKeySettings object allowing enclave computations
PS C:\> $CMKSettings = New-SqlAzureKeyVaultColumnMasterKeySettings -KeyUrl "https://myvault.vault.contoso.net:443/keys/CMK/4c05f1a41b12488f9cba2ea964b6a700" -AllowEnclaveComputations -Signature "<hexadecimal signature string>"
This command creates a SqlColumnMasterKeySettings object that references a key in Azure Key Vault and stores the result in the variable named $CMKSettings. The key allows enclave computations. The signature of the key properties is specified in the Signature parameter.
Parameters
-AllowEnclaveComputations
Specifies whether the column master key allows enclave computations. If the parameter is specified, server-side secure enclaves will be allowed to perform computations on data protected with the column master key. Not valid for SQL Server 2017 and older versions.
Type: SwitchParameter
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-KeyUrl
Specifies the link, as a URL, of the key in Azure Key Vault.
Type: String
Position: 0
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Signature
Specifies a hexadecimal string that is a digital signature of column master key properties. A client driver can verify the signature to ensure the column master key properties have not been tampered with. This parameter is allowed only if AllowEnclaveComputations is specified. If AllowEnclaveComputations is specified, but Signature is not, the cmdlet automatically computes the signature and populates the Signature property of the new SqlColumnMasterKeySettings object.
Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
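The parameter rules above can be enforced before the cmdlet is called. The following is an added example, not part of the original documentation: the wrapper name New-ValidatedAkvCmkSettings, its -AllowedVaultHost parameter, the required /keys/<name>/<version> path shape and the tolerated 0x prefix are assumptions made for illustration. It assumes the SqlServer module is loaded and the session can already access the key in Azure Key Vault.

```powershell
# Added example: pre-flight checks before building the settings object.
# New-ValidatedAkvCmkSettings and -AllowedVaultHost are hypothetical names.
function New-ValidatedAkvCmkSettings {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $KeyUrl,
        [Parameter(Mandatory)] [string[]] $AllowedVaultHost,
        [string] $Signature,
        [switch] $AllowEnclaveComputations
    )
    $uri = $null
    if (-not [System.Uri]::TryCreate($KeyUrl, [System.UriKind]::Absolute, [ref]$uri)) {
        throw "KeyUrl is not an absolute URL: $KeyUrl"
    }
    if ($uri.Scheme -ne 'https') { throw 'KeyUrl must use https.' }
    if ($AllowedVaultHost -notcontains $uri.Host) {
        throw "Vault host '$($uri.Host)' is not in the allow list."
    }
    # Local policy (assumption): pin an explicit key version, as the page's examples do.
    if ($uri.AbsolutePath -notmatch '^/keys/[0-9A-Za-z-]+/[0-9A-Za-z]+$') {
        throw 'KeyUrl must have the form /keys/<name>/<version>.'
    }
    $params = @{ KeyUrl = $KeyUrl }
    if ($PSBoundParameters.ContainsKey('Signature')) {
        # Page rule: Signature is allowed only together with AllowEnclaveComputations.
        if (-not $AllowEnclaveComputations) {
            throw 'Signature is allowed only with -AllowEnclaveComputations.'
        }
        if ($Signature -notmatch '^(0x)?([0-9A-Fa-f]{2})+$') {
            throw 'Signature must be a hexadecimal string.'
        }
        $params.Signature = $Signature
    }
    if ($AllowEnclaveComputations) { $params.AllowEnclaveComputations = $true }
    New-SqlAzureKeyVaultColumnMasterKeySettings @params
}

# Usage with the sample URL from Example 2; the allow-list entry is constructed.
$CMKSettings = New-ValidatedAkvCmkSettings -AllowEnclaveComputations `
    -KeyUrl 'https://myvault.vault.contoso.net:443/keys/CMK/4c05f1a41b12488f9cba2ea964b6a700' `
    -AllowedVaultHost 'myvault.vault.contoso.net'
# With no -Signature supplied, the cmdlet is expected to populate the Signature property.
if ([string]::IsNullOrEmpty($CMKSettings.Signature)) {
    throw 'Enclave-enabled column master key settings have no signature.'
}
```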
Outputs
SqlColumnMasterKeySettings