New-SqlCertificateStoreColumnMasterKeySettings

Creates a SqlColumnMasterKeySettings object referencing the specified certificate.

Syntax

New-SqlCertificateStoreColumnMasterKeySettings
   [-CertificateStoreLocation] <String>
   [-Thumbprint] <String>
   [[-Signature] <String>]
   [-AllowEnclaveComputations]
   [-ProgressAction <ActionPreference>]
   [<CommonParameters>]

Description

The New-SqlCertificateStoreColumnMasterKeySettings cmdlet creates a SqlColumnMasterKeySettings object that references the specified certificate, stored in the Windows Certificate Store, which is intended to be used as a column master key for the Always Encrypted feature.

Module requirements: version 21+ on PowerShell 5.1; version 22+ on PowerShell 7.x.

Examples

Example 1: Create a SqlColumnMasterKeySettings object referencing a certificate

PS C:\> $CMKSettings = New-SqlCertificateStoreColumnMasterKeySettings -CertificateStoreLocation "CurrentUser" -CertificateThumbprint "f2260f28d909d21c642a3d8e0b45a830e79a1420"

This command creates a SqlColumnMasterKeySettings object referencing a certificate in Windows Certificate Store.

Example 2: Create a SqlColumnMasterKeySettings object referencing an enclave-enabled certificate with auto-signed properties

PS C:\>$CMKSettings = New-SqlCertificateStoreColumnMasterKeySettings -CertificateStoreLocation "CurrentUser" -CertificateThumbprint "f2260f28d909d21c642a3d8e0b45a830e79a1420" -AllowEnclaveComputations

This command creates a SqlColumnMasterKeySettings object referencing a certificate in Windows Certificate Store that allows enclave computations. Since Signature is not specified, the cmdlet automatically computes the signature and populates the Signature property of the SqlColumnMasterKeySettings object.

Example 3: Create a SqlColumnMasterKeySettings object referencing an enclave-enabled certificate

PS C:\>$CMKSettings = New-SqlCertificateStoreColumnMasterKeySettings -CertificateStoreLocation "CurrentUser" -CertificateThumbprint "f2260f28d909d21c642a3d8e0b45a830e79a1420" -AllowEnclaveComputations -Signature "0x19BEB4F27F582FDBBD0C7E5F92CF161D79D5E7F5A5183F9C8E710252E7028A3654FBEAF834EE45925024F1A32BD3C6D7D92B46E38690830E20E0777607B073E6665EB05E39263C02557D1208ACECB2251A108D0DEFC25232B67FD223C590258C817292FAFCE2388507812D64A0AEC9E546B0B8E4B2F3EA436053CB158F3CF478C5F5EDA511D0F752F60C3B129BF21356A93368FCC7FD6FAA8DB4E919EB551F375181CA3F4D0404A811C99BD2C8D10C0003AC12B138371F2D76611768B4E84D44116C42F00D679B36D41FBD9467B58291B1F4348C7B422793DA0614EF980CA0A7F42B6D627AFA5A753F0869D2C2F9B0FD38289D5433CE9266C6F867334654BE12"

This command creates a SqlColumnMasterKeySettings object referencing a certificate in Windows Certificate Store that allows enclave computations. The signature of the certificate properties is specified in the Signature parameter.

Parameters

-AllowEnclaveComputations

Specifies whether the column master key allows enclave computations. If the parameter is specified, server-side secure enclaves will be allowed to perform computations on data protected with the column master key. Not valid for SQL Server 2017 and older versions.

Type:SwitchParameter
Position:2
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CertificateStoreLocation

Specifies the certificate store location, containing the certificate. The acceptable values for this parameter are:

  • CurrentUser
  • LocalMachine
Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ProgressAction

Determines how PowerShell responds to progress updates generated by a script, cmdlet, or provider, such as the progress bars generated by the Write-Progress cmdlet. The Write-Progress cmdlet creates progress bars that show a command's status.

Type:ActionPreference
Aliases:proga
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Signature

Specifies a hexadecimal string that is a digital signature of column master key properties. A client driver can verify the signature to ensure the column master key properties have not been tampered with. This parameter is allowed only if AllowEnclaveComputations is specified. If AllowEnclaveComputations is specified, but Signature is not, the cmdlet automatically computes the signature and populates the Signature property of the new SqlColumnMasterKeySettings object.

Type:String
Position:3
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Thumbprint

Specifies the thumbprint of the certificate.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

Outputs

SqlColumnMasterKeySettings