Set-AzSqlInstanceTransparentDataEncryptionProtector

Reference

Module:: Az.Sql

Sets the Transparent Data Encryption (TDE) protector for a SQL managed instance.

Note

This is the previous version of our documentation. Please consult the most recent version for up-to-date information.

Syntax

Set-AzSqlInstanceTransparentDataEncryptionProtector
   [-Type] <EncryptionProtectorType>
   [[-KeyId] <String>]
   [-Force]
   [-ResourceGroupName] <String>
   [-InstanceName] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Set-AzSqlInstanceTransparentDataEncryptionProtector
   [-Type] <EncryptionProtectorType>
   [[-KeyId] <String>]
   [-Force]
   [-Instance] <AzureSqlManagedInstanceModel>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Set-AzSqlInstanceTransparentDataEncryptionProtector
   [-Type] <EncryptionProtectorType>
   [[-KeyId] <String>]
   [-Force]
   [-InstanceResourceId] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzSqlInstanceTransparentDataEncryptionProtector cmdlet sets the TDE protector for a SQL managed instance. Changing the TDE protector type will rotate the protector.

Examples

Example 1: Set the Transparent Data Encryption (TDE) protector type to ServiceManaged

PS C:\> Set-AzSqlInstanceTransparentDataEncryptionProtector -ResourceGroupName 'ContosoResourceGroup' -InstanceName 'ContosoManagedInstanceName' -Type ServiceManaged

ResourceGroupName              : ContosoResourceGroup
ManagedInstanceName            : ContosoManagedInstanceName
Type                           : ServiceManaged
ManagedInstanceKeyVaultKeyName : ServiceManaged
KeyId                          :

This command updates a managed instance's TDE protector type to Service Managed.

Example 2: Set the Transparent Data Encryption protector type to Azure Key Vault

PS C:\> Set-AzSqlInstanceTransparentDataEncryptionProtector -ResourceGroupName 'ContosoResourceGroup' -InstanceName 'ContosoManagedInstanceName' -Type AzureKeyVault -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'

ResourceGroupName              : ContosoResourceGroup
ManagedInstanceName            : ContosoManagedInstanceName
Type                           : AzureKeyVault
ManagedInstanceKeyVaultKeyName : contoso_contosokey_01234567890123456789012345678901
KeyId                          : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901

This command updates the specified managed instance to use the Managed instance Key Vault Key with Id 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901' as the TDE protector.

Example 3: Set the Transparent Data Encryption protector type to Azure Key Vault using managed instance object

PS C:\> $managedInstance = Get-AzSqlInstance -Name 'ContosoManagedInstanceName' -ResourceGroupName 'ContosoResourceGroup'
PS C:\> Set-AzSqlInstanceTransparentDataEncryptionProtector -Instance $managedInstance -Type AzureKeyVault -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'

ResourceGroupName              : ContosoResourceGroup
ManagedInstanceName            : ContosoManagedInstanceName
Type                           : AzureKeyVault
ManagedInstanceKeyVaultKeyName : contoso_contosokey_01234567890123456789012345678901
KeyId                          : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901

Example 4: Set the Transparent Data Encryption protector type to Azure Key Vault using resource id

PS C:\> $managedInstance = Get-AzSqlInstance -Name 'ContosoManagedInstanceName' -ResourceGroupName 'ContosoResourceGroup'
PS C:\> Set-AzSqlInstanceTransparentDataEncryptionProtector -InstanceResourceId $managedInstance.ResourceId -Type AzureKeyVault -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'

ResourceGroupName              : ContosoResourceGroup
ManagedInstanceName            : ContosoManagedInstanceName
Type                           : AzureKeyVault
ManagedInstanceKeyVaultKeyName : contoso_contosokey_01234567890123456789012345678901
KeyId                          : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901

Example 5: Set the Transparent Data Encryption protector type to Azure Key Vault using piping

PS C:\> $managedInstance = Get-AzSqlInstance -Name 'ContosoManagedInstanceName' -ResourceGroupName 'ContosoResourceGroup'
PS C:\> $managedInstance | Set-AzSqlInstanceTransparentDataEncryptionProtector -Type AzureKeyVault -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'

ResourceGroupName              : ContosoResourceGroup
ManagedInstanceName            : ContosoManagedInstanceName
Type                           : AzureKeyVault
ManagedInstanceKeyVaultKeyName : contoso_contosokey_01234567890123456789012345678901
KeyId                          : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901

Parameters

-AutoRotationEnabled

The key auto rotation opt-in status.

Type:	Nullable<T>[Boolean]
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Force

Skip confirmation message for performing the action

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Instance

The instance input object

Type:	AzureSqlManagedInstanceModel
Aliases:	InputObject
Position:	0
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-InstanceName

The instance name

Type:	String
Position:	1
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-InstanceResourceId

The instance resource id

Type:	String
Aliases:	ResourceId
Position:	0
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-KeyId

The Azure Key Vault KeyId.

Type:	String
Position:	2
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-ResourceGroupName

The Resource Group Name

Type:	String
Position:	0
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Type

The Azure Sql Database Transparent Data Encryption Protector type.

Type:	EncryptionProtectorType
Accepted values:	AzureKeyVault, ServiceManaged
Position:	1
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

AzureSqlManagedInstanceModel

System.String

Outputs

AzureRmSqlManagedInstanceTransparentDataEncryptionProtectorModel