Set-AzSqlServerTransparentDataEncryptionProtector

Sets the Transparent Data Encryption (TDE) protector for a SQL server.

Syntax

Set-AzSqlServerTransparentDataEncryptionProtector
   [-Type] <EncryptionProtectorType>
   [[-KeyId] <String>]
   [-Force]
   [-AsJob]
   [-ServerName] <String>
   [-ResourceGroupName] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzSqlServerTransparentDataEncryptionProtector cmdlet sets the TDE protector for a SQL server. Changing the TDE protector type will rotate the protector.

Examples

Example 1: Set the Transparent Data Encryption (TDE) protector type to ServiceManaged

PS C:\> Set-AzSqlServerTransparentDataEncryptionProtector -Type ServiceManaged -ServerName 'ContosoServer' -ResourceGroup 'ContosoResourceGroup'

This command updates a server's TDE protector type to Service Managed. ResourceGroupName ServerName Type ServerKeyVaultKeyName


ContosoResourceGroup ContosoServer ServiceManaged ServiceManaged

Example 2: Set the Transparent Data Encryption protector type to Azure Key Vault

PS C:\> Set-AzSqlServerTransparentDataEncryptionProtector -Type AzureKeyVault -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901' -ServerName 'ContosoServer' -ResourceGroup 'ContosoResourceGroup'

This command updates a server to use the Server Key Vault Key with Id 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901' as the TDE protector. ResourceGroupName ServerName Type ServerKeyVaultKeyName


ContosoResourceGroup ContosoServer AzureKeyVault contoso_contosokey_01234567890123456789012345678901

Parameters

-AsJob

Run cmdlet in the background

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Force

Skip confirmation message for performing the action

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyId

The Azure Key Vault KeyId.

Type:String
Position:3
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-ResourceGroupName

The name of the resource group

Type:String
Position:0
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-ServerName

The Azure Sql Server name.

Type:String
Position:1
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-Type

The Azure Sql Database TDE protector type.

Type:Microsoft.Azure.Commands.Sql.TransparentDataEncryption.Model.EncryptionProtectorType
Accepted values:AzureKeyVault, ServiceManaged
Position:2
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.Azure.Commands.Sql.TransparentDataEncryption.Model.EncryptionProtectorType

String

Outputs

AzureSqlServerTransparentDataEncryptionProtectorModel