New-AzDataFactoryEncryptValue

Encrypts sensitive data.

Syntax

New-AzDataFactoryEncryptValue
   [-DataFactoryName] <String>
   [[-Value] <SecureString>]
   [-GatewayName] <String>
   [[-Credential] <PSCredential>]
   [[-Type] <String>]
   [[-NonCredentialValue] <String>]
   [[-AuthenticationType] <String>]
   [[-Server] <String>]
   [[-Database] <String>]
   [-ResourceGroupName] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
New-AzDataFactoryEncryptValue
   [-DataFactory] <PSDataFactory>
   [[-Value] <SecureString>]
   [-GatewayName] <String>
   [[-Credential] <PSCredential>]
   [[-Type] <String>]
   [[-NonCredentialValue] <String>]
   [[-AuthenticationType] <String>]
   [[-Server] <String>]
   [[-Database] <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The New-AzDataFactoryEncryptValue cmdlet encrypts sensitive data, such as a password or a Microsoft SQL Server connection string, and returns an encrypted value.

Examples

Example 1: Encrypt a non-ODBC connection string

$Value = ConvertTo-SecureString 'Data Source=ContosoServer;Initial Catalog=catalog;user id =user123;password=password123' -AsPlainText -Force 
New-AzDataFactoryEncryptValue -GatewayName "WikiGateway" -DataFactoryName "WikiAdf" -Value $value -ResourceGroupName "ADF" -Type OnPremisesSqlLinkedService

The first command uses the ConvertTo-SecureString cmdlet to convert the specified connection string to a SecureString object, and then stores that object in the $Value variable. For more information, type Get-Help ConvertTo-SecureString. Allowed values: SQL Server or Oracle connection string. The second command creates an encrypted value for the object stored in $Value for the specified data factory, gateway, resource group, and linked service type.

Example 2: Encrypt a non-ODBC connection string that uses Windows authentication.

$Value = ConvertTo-SecureString 'Data Source=ContosoServer;Initial Catalog=catalog;Integrated Security=True' -AsPlainText -Force
$Credential = Get-Credential
New-AzDataFactoryEncryptValue -DataFactoryName "WikiADF" -GatewayName "WikiGateway" -ResourceGroupName "ADF" -Value $Value -Credential $Credential -Type OnPremisesSqlLinkedService

The first command uses ConvertTo-SecureString to convert the specified connection string to a secure string object, and then stores that object in the $Value variable. The second command uses the Get-Credential cmdlet to collect the windows authentication (user name and password), and then stores that PSCredential object in the $Credential variable. For more information, type Get-Help Get-Credential. The third command creates an encrypted value for the object stored in $Value and $Credential for the specified data factory, gateway, resource group, and linked service type.

Example 3: Encrypt server name and credentials for File system linked service

$Value = ConvertTo-SecureString '\\servername' -AsPlainText -Force
$Credential = Get-Credential
New-AzDataFactoryEncryptValue -DataFactoryName "WikiADF" -GatewayName "WikiGateway" -ResourceGroupName "ADF" -Value $Value -Credential $Credential -Type OnPremisesFileSystemLinkedService

The first command uses ConvertTo-SecureString to convert the specified string to a secure string, and then stores that object in the $Value variable. The second command uses Get-Credential to collect the Windows authentication (user name and password), and then stores that PSCredential object in the $Credential variable. The third command creates an encrypted value for the object stored in $Value and $Credential for the specified data factory, gateway, resource group, and linked service type.

Example 4: Encrypt credentials for HDFS linked service

$UserName = ConvertTo-SecureString "domain\\username" -AsPlainText -Force
$Password = ConvertTo-SecureString "password" -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential ($UserName, $Password)
New-AzDataFactoryEncryptValue -DataFactoryName "MyDataFactory" -ResourceGroupName "MyResourceGroup" -GatewayName "MyDataManagementGateway" -Type HdfsLinkedService -AuthenticationType Windows -Credential $Credential -NonCredentialValue "http://server01.com:50070/webhdfs/v1/user/username"

The ConvertTo-SecureString command converts the specified string to a secure string. The New-Object command creates a PSCredential object using the secure username and password strings. Instead, you could use the Get-Credential command to collect Windows authentication (user name and password), and then store the returned PSCredential object in the $credential variable as shown in previous examples. The New-AzDataFactoryEncryptValue command creates an encrypted value for the object stored in $Credential for the specified data factory, gateway, resource group, and linked service type.

Example 5: Encrypt credentials for ODBC linked service

$Content = ConvertTo-SecureString "UID=username@contoso;PWD=password;" -AsPlainText -Force
New-AzDataFactoryEncryptValue -ResourceGroupName $RGName -DataFactoryName $DFName -GatewayName $Gateway -Type OnPremisesOdbcLinkedService -AuthenticationType Basic -NonCredentialValue "Driver={SQL Server};Server=server01.database.contoso.net; Database=HDISScenarioTest;" -Value $content

The ConvertTo-SecureString command converts the specified string to a secure string. The New-AzDataFactoryEncryptValue command creates an encrypted value for the object stored in $Value for the specified data factory, gateway, resource group, and linked service type.

Parameters

-AuthenticationType

Specifies the type of authentication to be used to connect to the data source. The acceptable values for this parameter are:

  • Windows
  • Basic
  • Anonymous.
Type:String
Accepted values:Windows, Basic, Anonymous
Position:6
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Credential

Specifies the Windows authentication credentials (user name and password) to be used. This cmdlet encrypts the credential data you specify here.

Type:PSCredential
Position:3
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Database

Specifies the database name of the linked service.

Type:String
Position:8
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DataFactory

Specifies a PSDataFactory object. This cmdlet encrypts data for the data factory that this parameter specifies.

Type:PSDataFactory
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-DataFactoryName

Specifies the name of a data factory. This cmdlet encrypts data for the data factory that this parameter specifies.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-GatewayName

Specifies the name of the gateway. This cmdlet encrypts data for the gateway that this parameter specifies.

Type:String
Position:2
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-NonCredentialValue

Specifies the non-credential part of the Open Database Connectivity (ODBC) connection string. This parameter is applicable only for the ODBC linked service.

Type:String
Position:5
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResourceGroupName

Specifies the name of an Azure resource group. This cmdlet encrypts data for the group that this parameter specifies.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Server

Specifies the server name of the linked service.

Type:String
Position:7
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Type

Specifies the linked service type. This cmdlet encrypts data for the linked service type that this parameter specifies. The acceptable values for this parameter are:

  • OnPremisesSqlLinkedService
  • OnPremisesFileSystemLinkedService
  • OnPremisesOracleLinkedService
  • OnPremisesOdbcLinkedService
  • OnPremisesPostgreSqlLinkedService
  • OnPremisesTeradataLinkedService
  • OnPremisesMySQLLinkedService
  • OnPremisesDB2LinkedService
  • OnPremisesSybaseLinkedService
Type:String
Accepted values:OnPremisesSqlLinkedService, OnPremisesFileSystemLinkedService, OnPremisesOracleLinkedService, OnPremisesOdbcLinkedService, OnPremisesPostgreSqlLinkedService, OnPremisesTeradataLinkedService, OnPremisesMySQLLinkedService, OnPremisesDB2LinkedService, OnPremisesSybaseLinkedService, HdfsLinkedService
Position:4
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Value

Specifies the value to encrypt. For an on-premises SQL Server linked service and an on-premises Oracle linked service, use a connection string. For an on-premises ODBC linked service, use the credential part of the connection string. For on premises file system linked service, if the file system is local to the gateway computer, use Local or localhost, and if the file system is on a server different from the gateway computer, use \\servername.

Type:SecureString
Position:1
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

PSDataFactory

String

Outputs

String

Notes

  • Keywords: azure, azurerm, arm, resource, management, manager, data, factories