Invoke-SqlColumnMasterKeyRotation

SYNOPSIS

Initiates the rotation of a column master key.

SYNTAX

ByObject

Invoke-SqlColumnMasterKeyRotation -SourceColumnMasterKeyName <String> -TargetColumnMasterKeyName <String>
 [-InputObject] <Database> [-Script] [-InformationAction <ActionPreference>] [-InformationVariable <String>]
 [<CommonParameters>]

ByPath

Invoke-SqlColumnMasterKeyRotation -SourceColumnMasterKeyName <String> -TargetColumnMasterKeyName <String>
 [[-Path] <String>] [-Script] [-InformationAction <ActionPreference>] [-InformationVariable <String>]
 [<CommonParameters>]

DESCRIPTION

The Invoke-SqlColumnMasterKeyRotation cmdlet replaces an existing source column master key with a new target column master key for the Always Encrypted feature. The cmdlet retrieves all column encryption key objects that contain key values encrypted with the specified source column master key. It then decrypts the current encrypted values, re-encrypts the resulting plaintext values with the target column master key, and updates the impacted column encryption key objects to add the new encrypted values. As a result, each impacted column encryption key contains two encrypted values: one produced using the current source column master key, and another produced using the target column master key.

EXAMPLES

Example 1: Initiate the process of rotating the column master key

PS C:\> Invoke-SqlColumnMasterKeyRotation -SourceColumnMasterKeyName "CMK1" -TargetColumnMasterKeyName "CMK2"

This command initiates the process of rotating the column master key named CMK1, and replacing it with the column master key named CMK2.
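The following is an added example, not part of the original cmdlet documentation: it runs the rotation from Example 1 and then confirms, from the Always Encrypted catalog views, that every impacted column encryption key now holds both encrypted values as the DESCRIPTION states. The server and database placeholders, Windows authentication, access to both master keys from the calling account, and the helper name Get-CekProtectionState are assumptions.

```powershell
Import-Module SqlServer

# Assumed placeholders (not from the page): server, database, Windows auth.
$server = '<server name>'
$dbName = '<database name>'
$source = 'CMK1'
$target = 'CMK2'

# Hypothetical helper: one row per column encryption key (CEK), read from the
# Always Encrypted catalog views, showing which CMKs protect its values.
function Get-CekProtectionState {
    param([string]$Server, [string]$Database, [string]$Source, [string]$Target)
    $rows = Invoke-Sqlcmd -ServerInstance $Server -Database $Database -Query @'
SELECT cek.name AS CekName, cmk.name AS CmkName
FROM sys.column_encryption_key_values AS v
JOIN sys.column_encryption_keys AS cek
  ON cek.column_encryption_key_id = v.column_encryption_key_id
JOIN sys.column_master_keys AS cmk
  ON cmk.column_master_key_id = v.column_master_key_id;
'@
    $rows | Group-Object -Property CekName | ForEach-Object {
        $cmks = @($_.Group | ForEach-Object { $_.CmkName })
        [pscustomobject]@{
            Cek       = $_.Name
            HasSource = $cmks -contains $Source
            HasTarget = $cmks -contains $Target
        }
    }
}

# CEKs the rotation should touch: those with a value encrypted under the source CMK.
$before = @(Get-CekProtectionState $server $dbName $source $target | Where-Object HasSource)
if ($before.Count -eq 0) { throw "No column encryption key is protected by $source." }

$database = Get-SqlDatabase -ServerInstance $server -Name $dbName
Invoke-SqlColumnMasterKeyRotation -InputObject $database `
    -SourceColumnMasterKeyName $source -TargetColumnMasterKeyName $target

# After the call, every impacted CEK must carry a value under both CMKs.
$after   = @(Get-CekProtectionState $server $dbName $source $target)
$missing = @($after | Where-Object { $_.Cek -in $before.Cek -and -not ($_.HasSource -and $_.HasTarget) })
if ($missing.Count -gt 0) {
    throw "Rotation incomplete for: $($missing.Cek -join ', ')"
}
$after | Where-Object { $_.Cek -in $before.Cek } | Format-Table -AutoSize
```

Run this check before Complete-SqlColumnMasterKeyRotation, which removes the values encrypted under the source key.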

PARAMETERS

-SourceColumnMasterKeyName

Specifies the name of the source column master key.

Type: String
Parameter Sets: (All)
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-TargetColumnMasterKeyName

Specifies the name of the target column master key.

Type: String
Parameter Sets: (All)
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-InputObject

Specifies the SQL database object for which this cmdlet runs the operation.

Type: Database
Parameter Sets: ByObject
Aliases: 

Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-Script

Indicates that this cmdlet runs a Transact-SQL script that performs the task.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-InformationAction

Specifies how this cmdlet responds to an information event.

The acceptable values for this parameter are:

  • Continue
  • Ignore
  • Inquire
  • SilentlyContinue
  • Stop
  • Suspend

Type: ActionPreference
Parameter Sets: (All)
Aliases: infa

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-InformationVariable

Specifies an information variable.

Type: String
Parameter Sets: (All)
Aliases: iv

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Path

Specifies the path of the SQL database for which this cmdlet runs the operation. If you do not specify a value for this parameter, the cmdlet uses the current working location.

Type: String
Parameter Sets: ByPath
Aliases: 

Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS

OUTPUTS

NOTES

RELATED LINKS

Configure Always Encrypted using PowerShell

Complete-SqlColumnMasterKeyRotation