Encryption Protectors - Create Or Update

Updates an existing encryption protector.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/encryptionProtector/current?api-version=2015-05-01-preview

URI Parameters

Name | In | Required | Type | Description
subscriptionId | path | True | string | The subscription ID that identifies an Azure subscription.
resourceGroupName | path | True | string | The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.
serverName | path | True | string | The name of the server.
encryptionProtectorName | path | True | | The name of the encryption protector to be updated.
api-version | query | True | string | The API version to use for the request.

Request Body

default

Name | Required | Type | Description
kind | | string | Kind of encryption protector. This is metadata used for the Azure portal experience.
properties.serverKeyName | | string | The name of the server key.
properties.serverKeyType | True | | The encryption protector type like 'ServiceManaged', 'AzureKeyVault'.

Responses

Name | Type | Description
200 OK | | Successfully updated the encryption protector.
202 Accepted | | Accepted

Other Status Codes

Error Responses:

  • 400 InvalidKeyName - An invalid value was given for the server key name.

  • 400 InvalidKeyType - The create server key type is not supported.

  • 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.

  • 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.

  • 400 AzureKeyVaultInvalidExpirationDate - The operation could not be completed because the Azure Key Vault key expiration date is invalid.

  • 400 AzureKeyVaultInvalidUri - An invalid response from Azure Key Vault. Please use a valid Azure Key Vault URI.

  • 400 AzureKeyVaultMalformedVaultUri - The provided Key Vault URI is not valid.

  • 401 AzureKeyVaultKeyDisabled - The operation could not be completed on the server because the Azure Key Vault key is disabled.

  • 401 AzureKeyVaultNoServerIdentity - The server identity is not correctly configured on server. Please contact support.

  • 401 AzureKeyVaultMissingPermissions - The server is missing required permissions on the Azure Key Vault.

  • 401 AdalGenericError - The operation could not be completed because an Azure Active Directory error was encountered.

  • 401 AdalServicePrincipalNotFound - The operation could not be completed because an Azure Active Directory library Service Principal not found error was encountered.

  • 404 SubscriptionDoesNotHaveServer - The requested server was not found.

  • 404 ResourceNotFound - The requested resource was not found.

  • 404 ServerKeyNotFound - The requested server key was not found on the current subscription.

  • 409 ServerKeyUriAlreadyExists - The server key URI already exists on the server.

  • 409 ServerKeyDoesNotExists - The server key does not exist.

  • 409 AzureKeyVaultKeyNameNotFound - The operation could not be completed because the Azure Key Vault Key name does not exist.

  • 409 AzureKeyVaultKeyInUse - The key is currently being used by the server.

  • 409 ServerKeyNameAlreadyExists - The server key already exists on the server.

  • 503 AzureKeyVaultConnectionFailed - The operation could not be completed on the server because attempts to connect to Azure Key Vault have failed.

  • 503 AzureKeyVaultGenericConnectionError - The operation could not be completed because an error was encountered when attempting to retrieve Key Vault information.

Examples

Update the encryption protector to key vault

Sample Request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/encryptionProtector/current?api-version=2015-05-01-preview
{
  "properties": {
    "serverKeyType": "AzureKeyVault",
    "serverKeyName": "someVault_someKey_01234567890123456789012345678901"
  }
}

Sample Response

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/encryptionProtector/current",
  "name": "current",
  "type": "Microsoft.Sql/servers/encryptionProtector",
  "location": "West US",
  "kind": "azurekeyvault",
  "properties": {
    "serverKeyName": "someVault_someKey_01234567890123456789012345678901",
    "serverKeyType": "AzureKeyVault"
  }
}

Update the encryption protector to service managed

Sample Request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/encryptionProtector/current?api-version=2015-05-01-preview
{
  "properties": {
    "serverKeyType": "ServiceManaged",
    "serverKeyName": "ServiceManaged"
  }
}

Sample Response

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/encryptionProtector/current",
  "name": "current",
  "type": "Microsoft.Sql/servers/encryptionProtector",
  "location": "West US",
  "kind": "servicemanaged",
  "properties": {
    "serverKeyName": "ServiceManaged",
    "serverKeyType": "ServiceManaged"
  }
}
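
The two sample requests above can be assembled and verified in code. The following Python is an added example, not part of the original reference or of any Azure SDK; the `<vault>_<key>_<version>` naming is inferred from the sample `serverKeyName`, and the `error.code` field read on failure is an assumed error-body shape.

```python
from urllib.parse import quote, urlparse

API_VERSION = "2015-05-01-preview"               # from the request URL on this page
KEY_TYPES = ("ServiceManaged", "AzureKeyVault")  # ServerKeyType values on this page

def server_key_name(key_uri):
    """Assumed naming, inferred from the sample request: <vault>_<key>_<version>."""
    u = urlparse(key_uri)
    parts = [p for p in u.path.split("/") if p]
    if (u.scheme != "https" or not u.netloc or "@" in u.netloc
            or ":" in u.netloc or len(parts) != 3 or parts[0] != "keys"):
        raise ValueError("expected https://<vault>.<suffix>/keys/<name>/<version>")
    vault = u.netloc.split(".")[0]  # netloc keeps the caller's casing
    return "_".join((vault, parts[1], parts[2]))

def build_request(subscription_id, resource_group, server, key_type, key_uri=None):
    """Return (method, url, body) for the PUT documented on this page."""
    if key_type not in KEY_TYPES:
        raise ValueError("serverKeyType must be one of %s" % (KEY_TYPES,))
    if key_type == "AzureKeyVault":
        if not key_uri:
            raise ValueError("AzureKeyVault requires a versioned key URI")
        key_name = server_key_name(key_uri)
    else:
        key_name = "ServiceManaged"  # both fields carry this value in the sample
    url = ("https://management.azure.com/subscriptions/%s/resourceGroups/%s"
           "/providers/Microsoft.Sql/servers/%s/encryptionProtector/current"
           "?api-version=%s") % (quote(subscription_id, safe=""),
                                 quote(resource_group, safe=""),
                                 quote(server, safe=""), API_VERSION)
    body = {"properties": {"serverKeyType": key_type, "serverKeyName": key_name}}
    return "PUT", url, body

def check_response(status, response_body, request_body):
    """'pending' on 202, 'applied' on a matching 200; raise on anything else."""
    if status == 202:
        return "pending"  # accepted only; re-read the protector before relying on it
    if status != 200:
        # Assumed error shape: {"error": {"code": "<one of the codes listed above>"}}
        code = (response_body or {}).get("error", {}).get("code", "unknown")
        raise RuntimeError("update failed: HTTP %d %s" % (status, code))
    got = response_body.get("properties", {})
    for field, want in request_body["properties"].items():
        if got.get(field) != want:
            raise RuntimeError("%s is %r, requested %r" % (field, got.get(field), want))
    return "applied"
```

Comparing the returned `properties` with the request catches the case where a 200 comes back but the server is still protected by a different key than the one intended.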

Definitions

EncryptionProtector

The server encryption protector.

EncryptionProtectorName

The name of the encryption protector to be updated.

ServerKeyType

The encryption protector type like 'ServiceManaged', 'AzureKeyVault'.

EncryptionProtector

The server encryption protector.

Name | Type | Description
id | string | Resource ID.
kind | string | Kind of encryption protector. This is metadata used for the Azure portal experience.
location | string | Resource location.
name | string | Resource name.
properties.serverKeyName | string | The name of the server key.
properties.serverKeyType | | The encryption protector type like 'ServiceManaged', 'AzureKeyVault'.
properties.subregion | string | Subregion of the encryption protector.
properties.thumbprint | string | Thumbprint of the server key.
properties.uri | string | The URI of the server key.
type | string | Resource type.

EncryptionProtectorName

The name of the encryption protector to be updated.

Name | Type | Description
current | string |

ServerKeyType

The encryption protector type like 'ServiceManaged', 'AzureKeyVault'.

Name | Type | Description
AzureKeyVault | string |
ServiceManaged | string |