Encryption

Enable-DbaForceNetworkEncryption

Chrissy LeMaire (@cl), netnerds.net

Enable-DbaForceNetworkEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Configures SQL Server to require encrypted connections from all clients by modifying the Windows registry Description Modifies the Windows registry to force all client connections to SQL Server to use encryption, regardless of the client’s encryption settings. This security feature ensures that all data transmitted between clients and SQL Server is encrypted, protecting against network eavesdropping and man-in-the-middle attacks.

Get-DbaDbEncryption

Stephen Bennett, sqlnotesfromtheunderground.wordpress.com

Get-DbaDbEncryption View Source Stephen Bennett, sqlnotesfromtheunderground.wordpress.com Windows, Linux, macOS Synopsis Retrieves comprehensive encryption inventory from SQL Server databases including TDE status, certificates, and keys. Description Audits database-level encryption across SQL Server instances by examining TDE encryption status, certificates, asymmetric keys, and symmetric keys within each database. Returns detailed information including key algorithms, lengths, owners, backup dates, and expiration dates for compliance reporting and security assessments. Particularly useful for encryption audits, certificate lifecycle management, and ensuring regulatory compliance across your SQL Server environment.

Get-DbaNetworkCertificate

Chrissy LeMaire (@cl), netnerds.net

Get-DbaNetworkCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Retrieves the certificate currently configured for SQL Server network encryption. Description Retrieves the specific computer certificate that SQL Server is configured to use for network encryption and SSL connections. This shows you which certificate from the local certificate store is actively being used by the SQL Server instance for encrypting client connections. Only returns instances that actually have a certificate configured - instances without certificates won’t appear in the results.

Invoke-DbaDbDecryptObject

Sander Stad (@sqlstad), sqlstad.nl

Invoke-DbaDbDecryptObject View Source Sander Stad (@sqlstad), sqlstad.nl Windows, Linux, macOS Synopsis Decrypts encrypted stored procedures, functions, views, and triggers using Dedicated Admin Connection (DAC) Description Recovers the original source code from encrypted database objects when the original scripts have been lost or are unavailable. This command uses the Dedicated Admin Connection (DAC) to access binary data from sys.sysobjvalues and performs XOR decryption to retrieve the original T-SQL code. This is particularly useful in disaster recovery scenarios where you need to recreate objects but only have access to the encrypted versions in the database.

Test-DbaBackupEncrypted

Chrissy LeMaire (@cl), netnerds.net

Test-DbaBackupEncrypted View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Analyzes backup files to determine encryption status and retrieve encryption details Description Examines SQL Server backup files to identify whether they contain encrypted data, either through backup encryption or Transparent Data Encryption (TDE). Uses RESTORE HEADERONLY and RESTORE FILELISTONLY commands to inspect backup headers and file metadata without actually restoring the database. This helps DBAs verify encryption compliance, troubleshoot restore issues, and maintain inventory of encrypted backups across their environment.