Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Add-AzSqlInstanceKeyVaultKey
- Module:
- Az.Sql Module
Adds a key vault key to the provided Managed Instance.
Syntax
AddAzureRmSqlManagedInstanceKeyVaultKeyDefaultParameterSet (Default)
Add-AzSqlInstanceKeyVaultKey
[-ResourceGroupName] <String>
[-InstanceName] <String>
[-KeyId] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
AddAzureRmSqlManagedInstanceKeyVaultKeyInputObjectParameterSet
Add-AzSqlInstanceKeyVaultKey
[-Instance] <AzureSqlManagedInstanceModel>
[-KeyId] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
AddAzureRmSqlManagedInstanceKeyVaultKeyResourceIdParameterSet
Add-AzSqlInstanceKeyVaultKey
[-InstanceResourceId] <String>
[-KeyId] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Add-AzSqlInstanceKeyVaultKey cmdlet adds a key vault key to the provided Managed Instance. The managed instance must have 'get, wrapKey, unwrapKey' permissions to the vault, use the following script to grant permission to the managed instance. $managedInstance = Get-AzSqlInstance -Name 'ContosoManagedInstanceName' -ResourceGroupName 'ContosoResourceGroup' Set-AzKeyVaultAccessPolicy -VaultName ContosoVault -ObjectId $managedInstance.Identity.PrincipalId -PermissionsToKeys get, wrapKey, unwrapKey
Examples
Example 1
Add-AzSqlInstanceKeyVaultKey -ResourceGroupName 'ContosoResourceGroup' -InstanceName 'ContosoManagedInstanceName' -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'
ResourceGroupName : ContosoResourceGroup
ManagedInstanceName : ContosoManagedInstanceName
KeyId : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901
ManagedInstanceKeyName : contoso_contosokey_01234567890123456789012345678901
CreationDate : 9/1/2018 12:11:49 AM
Thumbprint : 6AB10000F99E1B6A22222F39E3F11CB5DC5A55A1
Type : AzureKeyVault
This command adds the Key Vault key with Id 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901' to the SQL managed instance named 'ContosoManagedInstanceName' in the resource group 'ContosoResourceGroup'.
Example 2: Using managed instance object
$managedInstance = Get-AzSqlInstance -Name 'ContosoManagedInstanceName' -ResourceGroupName 'ContosoResourceGroup'
Add-AzSqlInstanceKeyVaultKey -Instance $managedInstance -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'
ResourceGroupName : ContosoResourceGroup
ManagedInstanceName : ContosoManagedInstanceName
KeyId : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901
ManagedInstanceKeyName : contoso_contosokey_01234567890123456789012345678901
CreationDate : 9/1/2018 12:11:49 AM
Thumbprint : 6AB10000F99E1B6A22222F39E3F11CB5DC5A55A1
Type : AzureKeyVault
This command adds the Key Vault key with Id 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901' to the SQL managed instance named 'ContosoManagedInstanceName' in the resource group 'ContosoResourceGroup'.
Example 3: Using managed instance resource id
$managedInstance = Get-AzSqlInstance -Name 'ContosoManagedInstanceName' -ResourceGroupName 'ContosoResourceGroup'
Add-AzSqlInstanceKeyVaultKey -InstanceResourceId $managedInstance.ResourceId -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'
ResourceGroupName : ContosoResourceGroup
ManagedInstanceName : ContosoManagedInstanceName
KeyId : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901
ManagedInstanceKeyName : contoso_contosokey_01234567890123456789012345678901
CreationDate : 9/1/2018 12:11:49 AM
Thumbprint : 6AB10000F99E1B6A22222F39E3F11CB5DC5A55A1
Type : AzureKeyVault
This command adds the Key Vault key with Id 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901' to the SQL managed instance named 'ContosoManagedInstanceName' in the resource group 'ContosoResourceGroup'.
Example 4: Using piping
$managedInstance = Get-AzSqlInstance -Name 'ContosoManagedInstanceName' -ResourceGroupName 'ContosoResourceGroup'
$managedInstance | Add-AzSqlInstanceKeyVaultKey -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'
ResourceGroupName : ContosoResourceGroup
ManagedInstanceName : ContosoManagedInstanceName
KeyId : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901
ManagedInstanceKeyName : contoso_contosokey_01234567890123456789012345678901
CreationDate : 9/1/2018 12:11:49 AM
Thumbprint : 6AB10000F99E1B6A22222F39E3F11CB5DC5A55A1
Type : AzureKeyVault
This command adds the Key Vault key with Id 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901' to the SQL managed instance named 'ContosoManagedInstanceName' in the resource group 'ContosoResourceGroup'.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
| Type: | IAzureContextContainer |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
Parameter sets
-Instance
The instance input object
Parameter properties
| Type: | AzureSqlManagedInstanceModel |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | InputObject |
Parameter sets
-InstanceName
The instance name
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-InstanceResourceId
The instance resource id
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ResourceId |
Parameter sets
-KeyId
AzureKeyVault key id
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ResourceGroupName
The Resource Group Name
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
AzureSqlManagedInstanceModel
System.String
Outputs
AzureRmSqlManagedInstanceKeyVaultKeyModel
Azure PowerShell
Feedback
Was this page helpful?