Add-DbaComputerCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Imports X.509 certificates into the Windows certificate store on local or remote computers.
Description Imports X.509 certificates (including password-protected .pfx files with private keys) into the specified Windows certificate store on one or more computers. This function is essential for SQL Server TLS/SSL encryption setup, Availability Group certificate requirements, and Service Broker security configurations.
Backup-DbaComputerCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Exports computer certificates to disk for SQL Server network encryption backup and disaster recovery.
Description Exports computer certificates from the local or remote certificate store to files on disk. This is essential for backing up certificates used for SQL Server network encryption before server migrations, certificate renewals, or disaster recovery scenarios.
Backup-DbaDbCertificate View Source Jess Pomfret (@jpomfret) Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Exports database certificates and private keys to physical backup files on SQL Server instances.
Description Backs up database certificates by exporting them to .cer (certificate) and .pvk (private key) files on the SQL Server file system. This is essential for disaster recovery scenarios where you need to restore encrypted databases or migrate certificates to another instance.
Backup-DbaDbMasterKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Exports database master keys to encrypted backup files for disaster recovery and compliance.
Description Creates encrypted backup files of database master keys from one or more SQL Server databases. Database master keys are essential for Transparent Data Encryption (TDE), column-level encryption, and other SQL Server encryption features.
Backup-DbaServiceMasterKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Exports SQL Server Service Master Key to an encrypted backup file for disaster recovery.
Description Creates an encrypted backup of the SQL Server Service Master Key (SMK), which sits at the top of SQL Server’s encryption hierarchy. The Service Master Key encrypts Database Master Keys and certificates, making its backup critical for disaster recovery scenarios where encrypted databases need to be restored or moved between servers.
Copy-DbaDbCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Copies database-level certificates from source SQL Server to destination servers, including private keys and master key dependencies.
Description Transfers database certificates between SQL Server instances by backing them up from source databases and restoring them to matching databases on destination servers. This function handles the complex certificate migration process that’s essential when moving databases with Transparent Data Encryption (TDE) or other certificate-based security features.
Disable-DbaDbEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Disables Transparent Data Encryption (TDE) on SQL Server databases and removes encryption keys
Description Disables Transparent Data Encryption (TDE) on specified databases by setting EncryptionEnabled to false and monitoring the decryption process until completion. Since TDE is not fully disabled until the Database Encryption Key (DEK) is removed, this command drops the encryption key by default to complete the decryption process.
Disable-DbaForceNetworkEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Disables Force Network Encryption setting in SQL Server Configuration Manager
Description Modifies the Windows registry to disable Force Network Encryption for SQL Server instances, allowing unencrypted client connections. This is useful when troubleshooting connectivity issues, working with legacy applications that don’t support encryption, or when encryption is handled at the network level.
Enable-DbaDbEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Enables Transparent Data Encryption (TDE) on SQL Server databases
Description Enables Transparent Data Encryption (TDE) on specified databases to protect data at rest. This is essential for compliance with regulations like HIPAA, PCI-DSS, and organizational security policies. The function automatically creates a Database Encryption Key (DEK) if one doesn’t exist, using a certificate from the master database to encrypt it.
Enable-DbaForceNetworkEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Configures SQL Server to require encrypted connections from all clients by modifying the Windows registry
Description Modifies the Windows registry to force all client connections to SQL Server to use encryption, regardless of the client’s encryption settings. This security feature ensures that all data transmitted between clients and SQL Server is encrypted, protecting against network eavesdropping and man-in-the-middle attacks.
dbatools