Get-DbaComputerCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Retrieves X.509 certificates from Windows certificate stores that can be used for SQL Server TLS encryption
Description Scans Windows certificate stores to find X.509 certificates suitable for enabling SQL Server network encryption. By default, returns only certificates with Server Authentication capability from the LocalMachine\My store, which are the certificates SQL Server can actually use for TLS connections. This saves you from manually browsing certificate stores and checking enhanced key usage extensions when configuring Force Encryption or setting up secure SQL Server connections.
Get-DbaDbAsymmetricKey View Source Stuart Moore (@napalmgram), stuart-moore.com Windows, Linux, macOS Synopsis Retrieves asymmetric keys from SQL Server databases for encryption management and security auditing
Description Retrieves asymmetric keys stored in SQL Server databases, including their encryption algorithms, key lengths, owners, and thumbprints.
This function is essential for security audits and encryption key management, allowing DBAs to inventory all asymmetric keys across databases without manually querying system catalogs.
Asymmetric keys are used for encryption, digital signatures, and certificate creation in SQL Server’s transparent data encryption and column-level encryption features.
Get-DbaDbCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Retrieves database-level certificates from SQL Server databases for security auditing and certificate management
Description Retrieves all certificates stored within SQL Server databases, providing detailed information about each certificate including expiration dates, issuers, and encryption properties. This function is essential for DBAs managing Transparent Data Encryption (TDE), Service Broker security, or other database-level encryption features. Use this to audit certificate inventory across your environment, monitor approaching expiration dates for proactive renewal planning, and ensure compliance with security policies that require certificate tracking and rotation.
Get-DbaDbEncryptionKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Retrieves Transparent Data Encryption (TDE) database encryption keys from SQL Server databases
Description Retrieves detailed information about Transparent Data Encryption (TDE) database encryption keys including encryption state, algorithm, and certificate details. This function helps DBAs audit encrypted databases, verify TDE configuration, and gather key information for compliance reporting or troubleshooting encryption issues. Returns comprehensive key properties like thumbprint, encryption type, and important dates for certificate rotation planning.
Get-DbaDbMasterKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Retrieves database master key information from SQL Server databases
Description Retrieves database master key objects and their metadata from one or more SQL Server databases. Database master keys are used to encrypt sensitive data through features like Transparent Data Encryption (TDE), column-level encryption, and certificate-based encryption. This function helps DBAs inventory encryption keys across their environment for security audits, compliance reporting, and encryption management.
Get-DbaForceNetworkEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Retrieves Force Network Encryption configuration from SQL Server’s network settings
Description Retrieves the Force Network Encryption setting and associated certificate from SQL Server’s network configuration stored in the Windows registry. This setting determines whether SQL Server requires all client connections to use encryption, preventing unencrypted communication.
Useful for security audits and compliance checks to verify that network encryption policies are properly configured across your SQL Server estate.
Get-DbaNetworkCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Retrieves the certificate currently configured for SQL Server network encryption.
Description Retrieves the specific computer certificate that SQL Server is configured to use for network encryption and SSL connections. This shows you which certificate from the local certificate store is actively being used by the SQL Server instance for encrypting client connections. Only returns instances that actually have a certificate configured - instances without certificates won’t appear in the results.
New-DbaComputerCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Creates a new computer certificate useful for Forcing Encryption
Description Creates a new computer certificate - self-signed or signed by an Active Directory CA, using the Web Server certificate.
By default, a key with a length of 1024 and a friendly name of the machines FQDN is generated.
This command was originally intended to help automate the process so that SSL certificates can be available for enforcing encryption on connections.
New-DbaComputerCertificateSigningRequest View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Generates certificate signing requests for SQL Server instances to enable SSL/TLS encryption and connection security.
Description Creates certificate signing requests (CSRs) that can be submitted to your Certificate Authority to obtain SSL/TLS certificates for SQL Server instances. This eliminates the manual process of creating certificate requests and ensures proper configuration for SQL Server’s encryption requirements.
The function generates both the certificate configuration file (.
New-DbaCredential View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Creates a SQL Server credential for authentication to external resources
Description Creates a SQL Server credential that stores authentication information for connecting to external resources like Azure storage accounts, network shares, or service accounts. Credentials are commonly used for backup to URL operations, SQL Agent job authentication, and accessing external data sources. The function supports various authentication methods including traditional username/password, Azure storage access keys, SAS tokens, and managed identities.
dbatools