Note

Access to this page requires authorization. You can try signing in or .

Access to this page requires authorization. You can try .

Set-AzSqlInstanceTransparentDataEncryptionProtector

Module:: Az.Sql Module

Sets the Transparent Data Encryption (TDE) protector for a SQL managed instance.

Syntax

AzureSqlRmManagedInstanceTransparentDataEncryptionProtectorDefaultParameterSet (Default)

Set-AzSqlInstanceTransparentDataEncryptionProtector
 [-Type] <EncryptionProtectorType>
 [[-KeyId] <String>]
 [-ResourceGroupName] <String>
 [-InstanceName] <String>
 [-AutoRotationEnabled <Boolean>]
 [-Force]
 [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

AzureSqlRmManagedInstanceTransparentDataEncryptionProtectorInputObjectParameterSet

Set-AzSqlInstanceTransparentDataEncryptionProtector
 [-Type] <EncryptionProtectorType>
 [[-KeyId] <String>]
 [-Instance] <AzureSqlManagedInstanceModel>
 [-AutoRotationEnabled <Boolean>]
 [-Force]
 [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

AzureSqlRmManagedInstanceTransparentDataEncryptionProtectorResourceIdParameterSet

Set-AzSqlInstanceTransparentDataEncryptionProtector
 [-Type] <EncryptionProtectorType>
 [[-KeyId] <String>]
 [-InstanceResourceId] <String>
 [-AutoRotationEnabled <Boolean>]
 [-Force]
 [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

Description

The Set-AzSqlInstanceTransparentDataEncryptionProtector cmdlet sets the TDE protector for a SQL managed instance. Changing the TDE protector type will rotate the protector.

Examples

Example 1: Set the Transparent Data Encryption (TDE) protector type to ServiceManaged

Set-AzSqlInstanceTransparentDataEncryptionProtector -ResourceGroupName 'ContosoResourceGroup' -InstanceName 'ContosoManagedInstanceName' -Type ServiceManaged

ResourceGroupName : ContosoResourceGroup
ManagedInstanceName : ContosoManagedInstanceName
Type : ServiceManaged
ManagedInstanceKeyVaultKeyName : ServiceManaged
KeyId :

This command updates a managed instance's TDE protector type to Service Managed.

Example 2: Set the Transparent Data Encryption protector type to Azure Key Vault

Set-AzSqlInstanceTransparentDataEncryptionProtector -ResourceGroupName 'ContosoResourceGroup' -InstanceName 'ContosoManagedInstanceName' -Type AzureKeyVault -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'

ResourceGroupName : ContosoResourceGroup
ManagedInstanceName : ContosoManagedInstanceName
Type : AzureKeyVault
ManagedInstanceKeyVaultKeyName : contoso_contosokey_01234567890123456789012345678901
KeyId : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901

This command updates the specified managed instance to use the Managed instance Key Vault Key with Id 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901' as the TDE protector.

Example 3: Set the Transparent Data Encryption protector type to Azure Key Vault using managed instance object

$managedInstance = Get-AzSqlInstance -Name 'ContosoManagedInstanceName' -ResourceGroupName 'ContosoResourceGroup'
Set-AzSqlInstanceTransparentDataEncryptionProtector -Instance $managedInstance -Type AzureKeyVault -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'

ResourceGroupName : ContosoResourceGroup
ManagedInstanceName : ContosoManagedInstanceName
Type : AzureKeyVault
ManagedInstanceKeyVaultKeyName : contoso_contosokey_01234567890123456789012345678901
KeyId : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901

Example 4: Set the Transparent Data Encryption protector type to Azure Key Vault using resource id

$managedInstance = Get-AzSqlInstance -Name 'ContosoManagedInstanceName' -ResourceGroupName 'ContosoResourceGroup'
Set-AzSqlInstanceTransparentDataEncryptionProtector -InstanceResourceId $managedInstance.ResourceId -Type AzureKeyVault -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'

ResourceGroupName : ContosoResourceGroup
ManagedInstanceName : ContosoManagedInstanceName
Type : AzureKeyVault
ManagedInstanceKeyVaultKeyName : contoso_contosokey_01234567890123456789012345678901
KeyId : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901

Example 5: Set the Transparent Data Encryption protector type to Azure Key Vault using piping

$managedInstance = Get-AzSqlInstance -Name 'ContosoManagedInstanceName' -ResourceGroupName 'ContosoResourceGroup'
$managedInstance | Set-AzSqlInstanceTransparentDataEncryptionProtector -Type AzureKeyVault -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'

ResourceGroupName : ContosoResourceGroup
ManagedInstanceName : ContosoManagedInstanceName
Type : AzureKeyVault
ManagedInstanceKeyVaultKeyName : contoso_contosokey_01234567890123456789012345678901
KeyId : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901

Parameters

-AutoRotationEnabled

The key auto rotation opt-in status.

Parameter properties

Type:	Nullable<T>[Boolean]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	cf

Parameter sets

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Parameter properties

Type:	IAzureContextContainer
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	AzContext, AzureRmContext, AzureCredential

Parameter sets

-Force

Skip confirmation message for performing the action

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

-Instance

The instance input object

Parameter properties

Type:	AzureSqlManagedInstanceModel
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	InputObject

Parameter sets

-InstanceName

The instance name

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

-InstanceResourceId

The instance resource id

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	ResourceId

Parameter sets

-KeyId

The Azure Key Vault KeyId.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

-ResourceGroupName

The Resource Group Name

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

-Type

The Azure Sql Database Transparent Data Encryption Protector type.

Parameter properties

Type:	EncryptionProtectorType
Default value:	None
Accepted values:	AzureKeyVault, ServiceManaged
Supports wildcards:	False
DontShow:	False

Parameter sets

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	wi

Parameter sets

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

URL: https://learn.microsoft.com/en-us/powershell/module/az.sql/set-azsqlinstancetransparentdataencryptionprotector?view=azps-16.0.0