Set-AzSqlInstanceTransparentDataEncryptionProtector
Sets the Transparent Data Encryption (TDE) protector for a SQL managed instance.
Syntax
AzureSqlRmManagedInstanceTransparentDataEncryptionProtectorDefaultParameterSet (Default)
Set-AzSqlInstanceTransparentDataEncryptionProtector
[-Type] <EncryptionProtectorType>
[[-KeyId] <String>]
[-ResourceGroupName] <String>
[-InstanceName] <String>
[-AutoRotationEnabled <Boolean>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzSqlInstanceTransparentDataEncryptionProtector
[-Type] <EncryptionProtectorType>
[[-KeyId] <String>]
[-Instance] <AzureSqlManagedInstanceModel>
[-AutoRotationEnabled <Boolean>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
AzureSqlRmManagedInstanceTransparentDataEncryptionProtectorResourceIdParameterSet
Set-AzSqlInstanceTransparentDataEncryptionProtector
[-Type] <EncryptionProtectorType>
[[-KeyId] <String>]
[-InstanceResourceId] <String>
[-AutoRotationEnabled <Boolean>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Set-AzSqlInstanceTransparentDataEncryptionProtector cmdlet sets the TDE protector for a SQL managed instance. Changing the TDE protector type will rotate the protector.
Examples
Example 1: Set the Transparent Data Encryption (TDE) protector type to ServiceManaged
Set-AzSqlInstanceTransparentDataEncryptionProtector -ResourceGroupName 'ContosoResourceGroup' -InstanceName 'ContosoManagedInstanceName' -Type ServiceManaged
ResourceGroupName : ContosoResourceGroup
ManagedInstanceName : ContosoManagedInstanceName
Type : ServiceManaged
ManagedInstanceKeyVaultKeyName : ServiceManaged
KeyId :
This command updates a managed instance's TDE protector type to Service Managed.
Example 2: Set the Transparent Data Encryption protector type to Azure Key Vault
Set-AzSqlInstanceTransparentDataEncryptionProtector -ResourceGroupName 'ContosoResourceGroup' -InstanceName 'ContosoManagedInstanceName' -Type AzureKeyVault -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'
ResourceGroupName : ContosoResourceGroup
ManagedInstanceName : ContosoManagedInstanceName
Type : AzureKeyVault
ManagedInstanceKeyVaultKeyName : contoso_contosokey_01234567890123456789012345678901
KeyId : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901
This command updates the specified managed instance to use the Managed instance Key Vault Key with Id 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901' as the TDE protector.
Example 3: Set the Transparent Data Encryption protector type to Azure Key Vault using managed instance object
$managedInstance = Get-AzSqlInstance -Name 'ContosoManagedInstanceName' -ResourceGroupName 'ContosoResourceGroup'
Set-AzSqlInstanceTransparentDataEncryptionProtector -Instance $managedInstance -Type AzureKeyVault -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'
ResourceGroupName : ContosoResourceGroup
ManagedInstanceName : ContosoManagedInstanceName
Type : AzureKeyVault
ManagedInstanceKeyVaultKeyName : contoso_contosokey_01234567890123456789012345678901
KeyId : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901
This command updates the specified managed instance to use the Managed instance Key Vault Key with Id 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901' as the TDE protector.
Example 4: Set the Transparent Data Encryption protector type to Azure Key Vault using resource id
$managedInstance = Get-AzSqlInstance -Name 'ContosoManagedInstanceName' -ResourceGroupName 'ContosoResourceGroup'
Set-AzSqlInstanceTransparentDataEncryptionProtector -InstanceResourceId $managedInstance.ResourceId -Type AzureKeyVault -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'
ResourceGroupName : ContosoResourceGroup
ManagedInstanceName : ContosoManagedInstanceName
Type : AzureKeyVault
ManagedInstanceKeyVaultKeyName : contoso_contosokey_01234567890123456789012345678901
KeyId : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901
This command updates the specified managed instance to use the Managed instance Key Vault Key with Id 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901' as the TDE protector.
Example 5: Set the Transparent Data Encryption protector type to Azure Key Vault using piping
$managedInstance = Get-AzSqlInstance -Name 'ContosoManagedInstanceName' -ResourceGroupName 'ContosoResourceGroup'
$managedInstance | Set-AzSqlInstanceTransparentDataEncryptionProtector -Type AzureKeyVault -KeyId 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901'
ResourceGroupName : ContosoResourceGroup
ManagedInstanceName : ContosoManagedInstanceName
Type : AzureKeyVault
ManagedInstanceKeyVaultKeyName : contoso_contosokey_01234567890123456789012345678901
KeyId : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901
This command updates the specified managed instance to use the Managed instance Key Vault Key with Id 'https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901' as the TDE protector.
Parameters
-AutoRotationEnabled
The key auto rotation opt-in status.
Parameter properties
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: True
Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Aliases: cf
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type: IAzureContextContainer
Default value: None
Supports wildcards: False
DontShow: False
Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Force
Skip confirmation message for performing the action
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Instance
The instance input object
Parameter properties
Parameter sets
AzureSqlRmManagedInstanceTransparentDataEncryptionProtectorInputObjectParameterSet
Position: 0
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: False
Value from remaining arguments: False
-InstanceName
The instance name
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
AzureSqlRmManagedInstanceTransparentDataEncryptionProtectorDefaultParameterSet
Position: 1
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-InstanceResourceId
The instance resource id
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Aliases: ResourceId
Parameter sets
AzureSqlRmManagedInstanceTransparentDataEncryptionProtectorResourceIdParameterSet
Position: 0
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: True
Value from remaining arguments: False
-KeyId
The Azure Key Vault KeyId.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: 2
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ResourceGroupName
The Resource Group Name
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
AzureSqlRmManagedInstanceTransparentDataEncryptionProtectorDefaultParameterSet
Position: 0
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Type
The Azure Sql Database Transparent Data Encryption Protector type.
Parameter properties
Type: EncryptionProtectorType
Default value: None
Accepted values: AzureKeyVault, ServiceManaged
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: 1
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Aliases: wi
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs