Encryption Protectors - Create Or Update

Updates an existing encryption protector.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/encryptionProtector/{encryptionProtectorName}?api-version=2015-05-01-preview

URI Parameters

Name In Required Type Description
subscriptionId
path True
  • string

The subscription ID that identifies an Azure subscription.

resourceGroupName
path True
  • string

The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.

serverName
path True
  • string

The name of the server.

encryptionProtectorName
path True

The name of the encryption protector to be updated.

api-version
query True
  • string

The API version to use for the request.

Request Body

Name Required Type Description
kind
  • string

Kind of encryption protector. This is metadata used for the Azure portal experience.

serverKeyName
  • string

The name of the server key.

serverKeyType True

The encryption protector type like 'ServiceManaged', 'AzureKeyVault'.

Responses

Name Type Description
200 OK

Successfully updated the encryption protector.

Other Status Codes

*** Error Responses: ***

  • 400 InvalidKeyName - An invalid value was given for the server key name.

  • 400 InvalidKeyType - The create server key type is not supported.

  • 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.

  • 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.

  • 400 AzureKeyVaultInvalidExpirationDate - The operation could not be completed because the Azure Key Vault key expiration date is invalid.

  • 400 AzureKeyVaultInvalidUri - An invalid response from Azure Key Vault. Please use a valid Azure Key Vault URI.

  • 400 AzureKeyVaultMalformedVaultUri - The provided Key Vault uri is not valid.

  • 401 AzureKeyVaultKeyDisabled - The operation could not be completed on the server because the Azure Key Vault key is disabled.

  • 401 AzureKeyVaultNoServerIdentity - The server identity is not correctly configured on server. Please contact support.

  • 401 AzureKeyVaultMissingPermissions - The server is mising required permissions on the Azure Key Vault.

  • 401 AdalGenericError - The operation could not be completed because an Azure Active Directory error was encountered.

  • 401 AdalServicePrincipalNotFound - The operation could not be completed because an Azure Active Directory library Serivce Principal not found error was encountered.

  • 404 SubscriptionDoesNotHaveServer - The requested server was not found

  • 404 ResourceNotFound - The requested resource was not found.

  • 404 ServerKeyNotFound - The requested server key was not found on the current subscription.

  • 409 ServerKeyUriAlreadyExists - The server key URI already exists on the server.

  • 409 ServerKeyDoesNotExists - The server key does not exist.

  • 409 AzureKeyVaultKeyNameNotFound - The operation could not be completed because the Azure Key Vault Key name does not exist.

  • 409 AzureKeyVaultKeyInUse - The key is currently being used by the server.

  • 409 ServerKeyNameAlreadyExists - The server key already exists on the server.

  • 503 AzureKeyVaultConnectionFailed - The operation could not be completed on the server because attempts to connect to Azure Key Vault have failed

  • 503 AzureKeyVaultGenericConnectionError - The operation could not be completed because an error was encountered when attempting to retrieve Key Vault information .

202 Accepted

Accepted

Examples

Update the encryption protector to key vault
Update the encryption protector to service managed

Update the encryption protector to key vault

Sample Request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/encryptionProtector/current?api-version=2015-05-01-preview
{
  "properties": {
    "serverKeyType": "AzureKeyVault",
    "serverKeyName": "someVault_someKey_01234567890123456789012345678901"
  }
}

Sample Response

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/encryptionProtector/current",
  "name": "current",
  "type": "Microsoft.Sql/servers/encryptionProtector",
  "location": "West US",
  "kind": "azurekeyvault",
  "properties": {
    "serverKeyName": "someVault_someKey_01234567890123456789012345678901",
    "serverKeyType": "AzureKeyVault"
  }
}

Update the encryption protector to service managed

Sample Request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/encryptionProtector/current?api-version=2015-05-01-preview
{
  "properties": {
    "serverKeyType": "ServiceManaged",
    "serverKeyName": "ServiceManaged"
  }
}

Sample Response

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/encryptionProtector/current",
  "name": "current",
  "type": "Microsoft.Sql/servers/encryptionProtector",
  "location": "West US",
  "kind": "servicemanaged",
  "properties": {
    "serverKeyName": "ServiceManaged",
    "serverKeyType": "ServiceManaged"
  }
}

Definitions

EncryptionProtector
EncryptionProtectorName

The name of the encryption protector to be updated.

ServerKeyType

The encryption protector type like 'ServiceManaged', 'AzureKeyVault'.

Name Type Description
kind
  • string

Kind of encryption protector. This is metadata used for the Azure portal experience.

location
  • string

Resource location.

serverKeyName
  • string

The name of the server key.

serverKeyType

The encryption protector type like 'ServiceManaged', 'AzureKeyVault'.

subregion
  • string

Subregion of the encryption protector.

thumbprint
  • string

Thumbprint of the server key.

uri
  • string

The URI of the server key.

The name of the encryption protector to be updated.

Name Description
current

The encryption protector type like 'ServiceManaged', 'AzureKeyVault'.

Name Description
AzureKeyVault
ServiceManaged