New-DbaDbCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Creates a new database certificate for encryption and security purposes
Description Creates a new database certificate within a specified database using SQL Server Management Objects. Database certificates are essential for implementing Transparent Data Encryption (TDE), encrypting stored procedures and functions, securing Service Broker dialogs, and enabling column-level encryption. The certificate can be password-protected or secured by the database master key, with configurable expiration dates and subject information.
New-DbaDbEncryptionKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Creates database encryption keys for Transparent Data Encryption (TDE)
Description Creates database encryption keys (DEKs) required for Transparent Data Encryption, using certificates or asymmetric keys from the master database. This is the essential first step before enabling TDE on any database to encrypt data at rest. The function automatically validates that certificates have been backed up before creating encryption keys, preventing potential data loss scenarios.
New-DbaDbMasterKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Creates a database master key for encryption operations
Description Creates a database master key, which is required for implementing Transparent Data Encryption (TDE), Always Encrypted, or other database-level encryption features. The master key serves as the root encryption key that protects other encryption keys within the database. Defaults to creating the key in the master database if no specific database is specified, and will prompt securely for a password if none is provided.
New-DbaServiceMasterKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Creates a service master key in the master database for instance-level encryption hierarchy
Description Creates a service master key in the master database, which sits at the top of SQL Server’s encryption hierarchy. The service master key automatically encrypts and protects database master keys, certificates, and other encryption objects across all databases on the instance. This is typically the first step when implementing any encryption strategy on a SQL Server instance, as it eliminates the need to manually manage individual database master key passwords.
Read-DbaAuditFile View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Parses SQL Server audit files (.sqlaudit) into structured event data for security analysis and compliance reporting.
Description Reads and parses SQL Server audit files (.sqlaudit) created by SQL Server Audit functionality, converting binary audit data into readable PowerShell objects. Each audit event is returned with its timestamp, event details, fields, and actions in a structured format that’s easy to filter, export, or analyze.
Remove-DbaComputerCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Removes certificates from Windows certificate stores on local or remote computers
Description Removes certificates from Windows certificate stores on local or remote computers using PowerShell remoting. This is essential for managing SSL/TLS certificates used by SQL Server instances for encrypted connections and authentication. DBAs commonly use this to clean up expired certificates, remove compromised certificates during security incidents, or manage certificate lifecycle during SQL Server migrations and decommissions.
Remove-DbaCredential View Source Mikey Bronowski (@MikeyBronowski), bronowski.it Windows, Linux, macOS Synopsis Removes SQL credential(s).
Description Removes the SQL credential(s) that have passed through the pipeline.
If not used with a pipeline, Get-DbaCredential will be executed with the parameters provided
and the returned SQL credential(s) will be removed.
Syntax Remove-DbaCredential [-SqlInstance <DbaInstanceParameter[]>] [-SqlCredential <PSCredential>] [-Credential <String[]>] [-ExcludeCredential <String[]>] [-Identity <String[]>] [-ExcludeIdentity <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>] Remove-DbaCredential [-SqlInstance <DbaInstanceParameter[]>] [-SqlCredential <PSCredential>] [-Credential <String[]>] [-ExcludeCredential <String[]>] [-Identity <String[]>] [-ExcludeIdentity <String[]>] -InputObject <Credential[]> [-EnableException] [-WhatIf] [-Confirm] [<CommonParameters>] Examples Example: 1 PS C:\> Remove-DbaCredential -SqlInstance localhost, localhost\namedinstance Removes all SQL credentials on the localhost, localhost\namedinstance instances.
Remove-DbaDbAsymmetricKey View Source Stuart Moore (@napalmgram), stuart-moore.com Windows, Linux, macOS Synopsis Removes asymmetric keys from SQL Server databases
Description Removes asymmetric keys from SQL Server databases by executing DROP ASYMMETRIC KEY commands. Asymmetric keys are part of SQL Server’s cryptographic hierarchy used for encryption, digital signatures, and protecting symmetric keys or certificates. This function helps DBAs clean up unused encryption objects during security audits, decommission old encryption schemes, or remove keys that are no longer needed for compliance requirements.
Remove-DbaDbCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Removes database certificates from SQL Server databases
Description Removes database certificates from specified SQL Server databases using the DROP CERTIFICATE statement. This function is commonly used during certificate rotation, security cleanup, or when decommissioning encryption features like Transparent Data Encryption (TDE) or Always Encrypted. Certificates can be targeted individually by name or removed in bulk using pipeline input from Get-DbaDbCertificate.
Remove-DbaDbEncryptionKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Removes database encryption keys from SQL Server databases to disable Transparent Data Encryption
Description Removes database encryption keys (DEK) from specified databases by executing DROP DATABASE ENCRYPTION KEY. This is typically used when disabling Transparent Data Encryption (TDE) on a database or during encryption key rotation workflows. The database must be unencrypted before the key can be removed, so run ALTER DATABASE [database] SET ENCRYPTION OFF first if TDE is currently active.
dbatools