
New-AzCosmosDbClientEncryptionKey

Creates a new CosmosDB Client Encryption Key.

Syntax

ByNameParameterSet (Default)

New-AzCosmosDbClientEncryptionKey
    -ResourceGroupName <String>
    -AccountName <String>
    -DatabaseName <String>
    -Name <String>
    -EncryptionAlgorithmName <String>
    -KeyWrapMetadata <PSSqlKeyWrapMetadata>
    [-KeyEncryptionKeyResolver <IKeyEncryptionKeyResolver>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

ByParentObjectParameterSet

New-AzCosmosDbClientEncryptionKey
    -Name <String>
    -EncryptionAlgorithmName <String>
    -KeyWrapMetadata <PSSqlKeyWrapMetadata>
    -SqlDatabaseObject <PSSqlDatabaseGetResults>
    [-KeyEncryptionKeyResolver <IKeyEncryptionKeyResolver>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

The New-AzCosmosDbClientEncryptionKey cmdlet creates a new CosmosDB Client Encryption Key.

Examples

Example 1

$myKeyWrapMetadataObject = [Microsoft.Azure.Commands.CosmosDB.Models.PSSqlKeyWrapMetadata]::new([Microsoft.Azure.Management.CosmosDB.Models.KeyWrapMetadata]::new("myKekV1","AZURE_KEY_VAULT", "https://contoso.vault.azure.net/keys/myKekV1/78deebed173b48e48f55abf87ed4cf71", "RSA-OAEP"))
New-AzCosmosDbClientEncryptionKey -AccountName myAccountName -DatabaseName myDatabaseName -ResourceGroupName myRgName -Name myClientEncryptionKeyName -EncryptionAlgorithmName "AEAD_AES_256_CBC_HMAC_SHA256" -KeyWrapMetadata $myKeyWrapMetadataObject
Name     : myContainerName
Id       : /subscriptions/mySubscriptionId/resourceGroups/myRgName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/sqlDatabases/myDatabaseName/clientEncryptionKeys/myClientEncryptionKeyName
Resource : Microsoft.Azure.Commands.CosmosDB.Models.PSSqlClientEncryptionKeyGetPropertiesResource

This example shows how a new key is created. If KeyEncryptionKeyResolver is not passed, the Azure Key Vault KeyResolver is used by default. The first command creates a KeyWrapMetadata object named myKekV1 of type AZURE_KEY_VAULT, with its value set to the key id https://contoso.vault.azure.net/keys/myKekV1/78deebed173b48e48f55abf87ed4cf71 and with "RSA-OAEP" as the algorithm used to encrypt the key. The second command creates a new key named myClientEncryptionKeyName, with KeyWrapMetadata set to the object returned by the first command.

Example 2

$myKeyWrapMetadataObject = [Microsoft.Azure.Commands.CosmosDB.Models.PSSqlKeyWrapMetadata]::new([Microsoft.Azure.Management.CosmosDB.Models.KeyWrapMetadata]::new("myKekV1","AZURE_KEY_VAULT", "https://contoso.vault.azure.net/keys/myKekV1/78deebed173b48e48f55abf87ed4cf71", "RSA-OAEP"))
$azureKeyVaultKeyResolver = [Azure.Security.KeyVault.Keys.Cryptography.KeyResolver]::new([Azure.Identity.DefaultAzureCredential]::new())
New-AzCosmosDbClientEncryptionKey -AccountName myAccountName -DatabaseName myDatabaseName -ResourceGroupName myRgName -Name myClientEncryptionKeyName -EncryptionAlgorithmName "AEAD_AES_256_CBC_HMAC_SHA256" -KeyWrapMetadata $myKeyWrapMetadataObject -KeyEncryptionKeyResolver $azureKeyVaultKeyResolver
Name     : myContainerName
Id       : /subscriptions/mySubscriptionId/resourceGroups/myRgName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/sqlDatabases/myDatabaseName/clientEncryptionKeys/myClientEncryptionKeyName
Resource : Microsoft.Azure.Commands.CosmosDB.Models.PSSqlClientEncryptionKeyGetPropertiesResource

This example shows how a new key is created and how KeyEncryptionKeyResolver can be passed as a parameter. The first command creates a KeyWrapMetadata object named myKekV1 of type AZURE_KEY_VAULT, with its value set to the key id https://contoso.vault.azure.net/keys/myKekV1/78deebed173b48e48f55abf87ed4cf71 and with "RSA-OAEP" as the algorithm used to encrypt the key. The second command creates an Azure Key Vault KeyResolver object using the Azure default credentials. The third command creates a new key named myClientEncryptionKeyName, with KeyWrapMetadata set to the object returned by the first command and KeyEncryptionKeyResolver set to the KeyResolver object created by the second command.
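
The syntax section lists a ByParentObjectParameterSet and a -WhatIf switch that neither example uses. The following is an added example, not part of the original page: it checks the key-encryption-key identifier before wrapping it in KeyWrapMetadata, then previews the call with the database object as parent. Test-KeyVaultKeyId is a hypothetical helper, the "https plus explicit key version" rule is an assumption modelled on the key id used in the examples above, and Get-AzCosmosDBSqlDatabase is the Az.CosmosDB cmdlet assumed to supply the PSSqlDatabaseGetResults object.

```powershell
# Added example (not from the original page). Resource names are the page's placeholders.

# Hypothetical helper: accept only an absolute https URI whose path has the
# shape /keys/<key-name>/<key-version>, as in the page's examples.
function Test-KeyVaultKeyId {
    param([Parameter(Mandatory)][string]$KeyId)

    $uri = $null
    if (-not [System.Uri]::TryCreate($KeyId, [System.UriKind]::Absolute, [ref]$uri)) { return $false }
    if ($uri.Scheme -ne 'https') { return $false }

    $parts = $uri.AbsolutePath.Trim('/').Split('/')
    return ($parts.Count -eq 3 -and $parts[0] -eq 'keys' -and $parts[1] -and $parts[2])
}

$kekId = 'https://contoso.vault.azure.net/keys/myKekV1/78deebed173b48e48f55abf87ed4cf71'
if (-not (Test-KeyVaultKeyId -KeyId $kekId)) {
    throw "Key id '$kekId' is not an https key identifier with an explicit version."
}

# Same KeyWrapMetadata construction as in Example 1, split into two steps.
$inner = [Microsoft.Azure.Management.CosmosDB.Models.KeyWrapMetadata]::new('myKekV1', 'AZURE_KEY_VAULT', $kekId, 'RSA-OAEP')
$wrap  = [Microsoft.Azure.Commands.CosmosDB.Models.PSSqlKeyWrapMetadata]::new($inner)

# Parent database object for ByParentObjectParameterSet.
$db = Get-AzCosmosDBSqlDatabase -ResourceGroupName myRgName -AccountName myAccountName -Name myDatabaseName

# -WhatIf shows what would happen without running the cmdlet;
# remove it to create the key.
New-AzCosmosDbClientEncryptionKey -SqlDatabaseObject $db `
    -Name myClientEncryptionKeyName `
    -EncryptionAlgorithmName 'AEAD_AES_256_CBC_HMAC_SHA256' `
    -KeyWrapMetadata $wrap `
    -WhatIf
```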

Parameters

-AccountName

Name of the Cosmos DB database account.

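Parameter properties

Type: String
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

ByNameParameterSet
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False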

-Confirm

Prompts you for confirmation before running the cmdlet.

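Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Aliases: cf

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False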

-DatabaseName

Database name.

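Parameter properties

Type: String
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

ByNameParameterSet
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False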

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

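Parameter properties

Type: IAzureContextContainer
Default value: None
Supports wildcards: False
DontShow: False
Aliases: AzContext, AzureRmContext, AzureCredential

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False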

-EncryptionAlgorithmName

Client Encryption Algorithm name.

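Parameter properties

Type: String
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False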

-KeyEncryptionKeyResolver

IKeyEncryptionKeyResolver interface of type Azure.Core.Cryptography.IKeyEncryptionKeyResolver

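Parameter properties

Type: IKeyEncryptionKeyResolver
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: True
Value from pipeline by property name: False
Value from remaining arguments: False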

-KeyWrapMetadata

KeyWrapMetaData Object of type Microsoft.Azure.Commands.CosmosDB.PSSqlKeyWrapMetadata.

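Parameter properties

Type: PSSqlKeyWrapMetadata
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: False
Value from remaining arguments: False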

-Name

Client Encryption Key name.

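Parameter properties

Type: String
Default value: None
Supports wildcards: False
DontShow: False
Aliases: ClientEncryptionKeyName

Parameter sets

(All)
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False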

-ResourceGroupName

Name of resource group.

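Parameter properties

Type: String
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

ByNameParameterSet
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False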

-SqlDatabaseObject

Sql Database object.

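Parameter properties

Type: PSSqlDatabaseGetResults
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

ByParentObjectParameterSet
Position: Named
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: False
Value from remaining arguments: False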

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

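Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Aliases: wi

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False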

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

PSSqlKeyWrapMetadata

Byte

Microsoft.Data.Encryption.Cryptography.EncryptionKeyStoreProvider

PSSqlDatabaseGetResults

Outputs

PSSqlClientEncryptionKeyGetResults

ConflictingResourceException