Add-SqlColumnEncryptionKeyValue
Adds an encrypted value for an existing column encryption key object in the database.
Syntax
Add-SqlColumnEncryptionKeyValue
-ColumnMasterKeyName <String>
-EncryptedValue <String>
[-Name] <String>
[-InputObject] <Database>
[-Script]
[<CommonParameters>] Add-SqlColumnEncryptionKeyValue
-ColumnMasterKeyName <String>
-EncryptedValue <String>
[-Name] <String>
[[-Path] <String>]
[-Script]
[<CommonParameters>] Description
The Add-SqlColumnEncryptionKeyValue cmdlet adds a column encryption key object in the database, by adding an entry for a new encrypted value. Initially, a column encryption key object contains one entry containing an encrypted value of a column encryption key for Always Encrypted. This cmdlet adds the second encrypted value entry, in order to support a rotating column master key. Both the new and the initial encrypted value should represent the same plaintext key, but they should be produced using different column master keys.
Note: This cmdlet is only available in PowerShell 5.
Examples
Example 1: Add an encrypted value for an existing column encryption key
PS C:\> Add-SqlColumnEncryptionKeyValue -Name "CEK1" -InputObject $Database -ColumnMasterKeyName "CMK2" -ColumnEncryptionKeyCiphertext "0x016E000001630075007200720065006E00740075007300650072002F006D0079002F006200330039003900340035006200370031003100330037003700350032006400380061003100310033003900660035006200640036006400380066003700330038006600320033006200360032003000307925663D2C3E275DD272E15E606927DA4326F5735C2C8E84F91B9EFE44F503ED01C130984E83AF4513F8A4A8D0878D42364E958291AE25111A868D25B69FC5143EEC04131DA27D05F3442CB665ACB4BB3F6A7A9F07DBD5D212A772414A2CCA03BEBEB7BF0E22C644C715D739B983872AFB2D390229A0B5311BCA07E3C1D857EE8982320BBBE9382C960B9674E3CC3D618AD623D6A362BEAEF68B1B1BB49660DD643A4375A9285CD9EAA5B13BFE2792DA92025351E7B6067BA07B6178D03041F40F00D84326627094C9D6944DD912497B080058A529D2DA11C8D609604449714420B4E44ECD1EB26DEE18BF712146A51DD99A02E3D4EE692A503CF02F874497010772DE743DDFB2A74801AC9A94C876D1F93554B70CE0ECC437E7FC28BC11A08222977CDA807E256ED536C41700C631878226E513AFE1199A1DB4732F975AA09A1E75B8A19802AE018871A7A0AD5B1E29B942F30490EDABD310A4170B991EBCFDA2AFE43285D5406476204B381D8A33EEB0B967073B4C0127B1C7F0281AB310EE4B9A3C2D3EAB44A1F5D15D4739FFAEF6110ED4808446F6A05DBF4121B2B33A0AF5A457CD38F895B8F7ABDF792E3ADBC3AF55B1442625F88F80127D08DE9E4AC1BB2AAA46843A477135053CEEFA4327D8C999C16D8B49C225F34AD7588A5F9E93FB5532B1F1DC5AFB3CE23DDC8DC12327DD6B5985104D14F4A1BC0F61F0AACD"This command adds a new encrypted value for the column encryption key database object named CEK1. The new value is encrypted with the column master key, named CMK2.
Parameters
Specifies the name of the column master key that is used to produce the encrypted value that this cmdlet adds to the database.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the encrypted value that this cmdlet adds to the database. You are responsible that the encrypted value, if specified, has been generated using the specified column master key.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the SQL database object for which this cmdlet runs the operation.
| Type: | Database |
| Position: | 2 |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies the name of the column encryption key object that this cmdlet modifies.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the path of the SQL database for which this cmdlet runs the operation. If you do not specify the value of this parameter, this cmdlet uses the current working location.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Indicates that this cmdlet runs a script to add the SQL column encryption key value.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.SqlServer.Management.Smo.Database
Outputs
System.Object