New-SqlAzureKeyVaultColumnMasterKeySettings

Creates a SqlColumnMasterKeySettings object describing an asymmetric key stored in Azure Key Vault.

Syntax

New-SqlAzureKeyVaultColumnMasterKeySettings
   [-KeyUrl] <String>
   [-Signature <String>]
   [-AllowEnclaveComputations]
   [<CommonParameters>]

Description

The New-SqlAzureKeyVaultColumnMasterKeySettings cmdlet creates a SqlColumnMasterKeySettings object that references a key, stored in Azure Key Vault, which is intended to be used as a column master key for the Always Encrypted feature.

Examples

Example 1: Create a simple SqlColumnMasterKeySettings object

PS C:\> $CMKSettings = New-SqlAzureKeyVaultColumnMasterKeySettings -KeyUrl "https://myvault.vault.contoso.net:443/keys/CMK/4c05f1a41b12488f9cba2ea964b6a700"

This command creates a SqlColumnMasterKeySettings object that references a key in Azure Key Vault and stores the result in the variable named $CMKSettings

Example 2: Create a SqlColumnMasterKeySettings with auto-signed properties allowing enclave computations

PS C:\> $CMKSettings = New-SqlAzureKeyVaultColumnMasterKeySettings -KeyUrl "https://myvault.vault.contoso.net:443/keys/CMK/4c05f1a41b12488f9cba2ea964b6a700" -AllowEnclaveComputations

This command creates a SqlColumnMasterKeySettings object that references a key in Azure Key Vault and stores the result in the variable named $CMKSettings. The key allows enclave computations. Since the signature parameter is not specified, the cmdlet automatically computes the signature and populates the Signature property of the SqlColumnMasterKeySettings object.

Example 3: Create a SqlColumnMasterKeySettings object allowing enclave computations

PS C:\> $CMKSettings = New-SqlAzureKeyVaultColumnMasterKeySettings -KeyUrl "https://myvault.vault.contoso.net:443/keys/CMK/4c05f1a41b12488f9cba2ea964b6a700 -AllowEnclaveComputations -Signature "0x19BEB4F27F582FDBBD0C7E5F92CF161D79D5E7F5A5183F9C8E710252E7028A3654FBEAF834EE45925024F1A32BD3C6D7D92B46E38690830E20E0777607B073E6665EB05E39263C02557D1208ACECB2251A108D0DEFC25232B67FD223C590258C817292FAFCE2388507812D64A0AEC9E546B0B8E4B2F3EA436053CB158F3CF478C5F5EDA511D0F752F60C3B129BF21356A93368FCC7FD6FAA8DB4E919EB551F375181CA3F4D0404A811C99BD2C8D10C0003AC12B138371F2D76611768B4E84D44116C42F00D679B36D41FBD9467B58291B1F4348C7B422793DA0614EF980CA0A7F42B6D627AFA5A753F0869D2C2F9B0FD38289D5433CE9266C6F867334654BE12"

This command creates a SqlColumnMasterKeySettings object that references a key in Azure Key Vault and stores the result in the variable named $CMKSettings. The key allows enclave computations. The signature of the key properties is specified in the Signature parameter.

Parameters

-AllowEnclaveComputations

Specifies whether the column master key allows enclave computations. If the parameter is specified, server-side secure enclaves will be allowed to perform computations on data protected with the column master key. Not valid for SQL Server 2017 and older versions.

Type:SwitchParameter
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-KeyUrl

Specifies the link, as a URL, of the key in Azure Key Vault.

Type:String
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Signature

Specifies a hexadecimal string that is a digital signature of column master key properties. A client driver can verify the signature to ensure the column master key properties have not been tampered with. This parameter is allowed only if AllowEnclaveComputations is specified. If AllowEnclaveComputations is specified, but Signature is not, the cmdlet automatically computes the signature and populates the Signature property of the new SqlColumnMasterKeySettings object.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Outputs

SqlColumnMasterKeySettings