Add-DbaComputerCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Imports X.509 certificates into the Windows certificate store on local or remote computers.
Description Imports X.509 certificates (including password-protected .pfx files with private keys) into the specified Windows certificate store on one or more computers. This function is essential for SQL Server TLS/SSL encryption setup, Availability Group certificate requirements, and Service Broker security configurations.
The function handles both certificate files from disk and certificate objects from the pipeline, supports remote installation via PowerShell remoting, and allows you to control import behavior through various flags like exportable/non-exportable private keys.
Backup-DbaComputerCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Exports computer certificates to disk for SQL Server network encryption backup and disaster recovery.
Description Exports computer certificates from the local or remote certificate store to files on disk. This is essential for backing up certificates used for SQL Server network encryption before server migrations, certificate renewals, or disaster recovery scenarios. The function works with certificate objects from Get-DbaComputerCertificate and supports multiple export formats including standard .
Backup-DbaDbCertificate View Source Jess Pomfret (@jpomfret) Windows, Linux, macOS Synopsis Exports database certificates and private keys to physical backup files on SQL Server instances.
Description Backs up database certificates by exporting them to .cer (certificate) and .pvk (private key) files on the SQL Server file system. This is essential for disaster recovery scenarios where you need to restore encrypted databases or migrate certificates to another instance. Without backing up certificates, you cannot decrypt TDE-enabled databases or access data encrypted with certificate-based encryption.
Backup-DbaDbMasterKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Exports database master keys to encrypted backup files for disaster recovery and compliance.
Description Creates encrypted backup files of database master keys from one or more SQL Server databases. Database master keys are essential for Transparent Data Encryption (TDE), column-level encryption, and other SQL Server encryption features.
This function is critical for disaster recovery planning since losing a database master key makes encrypted data permanently inaccessible.
Backup-DbaServiceMasterKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Exports SQL Server Service Master Key to an encrypted backup file for disaster recovery.
Description Creates an encrypted backup of the SQL Server Service Master Key (SMK), which sits at the top of SQL Server’s encryption hierarchy. The Service Master Key encrypts Database Master Keys and certificates, making its backup critical for disaster recovery scenarios where encrypted databases need to be restored or moved between servers.
Copy-DbaDbCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Copies database-level certificates from source SQL Server to destination servers, including private keys and master key dependencies.
Description Transfers database certificates between SQL Server instances by backing them up from source databases and restoring them to matching databases on destination servers. This function handles the complex certificate migration process that’s essential when moving databases with Transparent Data Encryption (TDE) or other certificate-based security features.
Disable-DbaDbEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Disables Transparent Data Encryption (TDE) on SQL Server databases and removes encryption keys
Description Disables Transparent Data Encryption (TDE) on specified databases by setting EncryptionEnabled to false and monitoring the decryption process until completion. Since TDE is not fully disabled until the Database Encryption Key (DEK) is removed, this command drops the encryption key by default to complete the decryption process.
Disable-DbaForceNetworkEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Disables Force Network Encryption setting in SQL Server Configuration Manager
Description Modifies the Windows registry to disable Force Network Encryption for SQL Server instances, allowing unencrypted client connections. This is useful when troubleshooting connectivity issues, working with legacy applications that don’t support encryption, or when encryption is handled at the network level. Requires Windows administrator access to the target server and PowerShell remoting.
Enable-DbaDbEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Enables Transparent Data Encryption (TDE) on SQL Server databases
Description Enables Transparent Data Encryption (TDE) on specified databases to protect data at rest. This is essential for compliance with regulations like HIPAA, PCI-DSS, and organizational security policies. The function automatically creates a Database Encryption Key (DEK) if one doesn’t exist, using a certificate from the master database to encrypt it.
Enable-DbaForceNetworkEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Configures SQL Server to require encrypted connections from all clients by modifying the Windows registry
Description Modifies the Windows registry to force all client connections to SQL Server to use encryption, regardless of the client’s encryption settings. This security feature ensures that all data transmitted between clients and SQL Server is encrypted, protecting against network eavesdropping and man-in-the-middle attacks.
dbatools