Copy-DbaDbCertificate

Want to see the source code for this command? Check out Copy-DbaDbCertificate on GitHub.
Want to see the Bill Of Health for this command? Check out Copy-DbaDbCertificate.

Synopsis

Copy-DbaDbCertificate migrates certificates from one SQL Server to another.

Description

By default, all certificates are copied.

If the certificate already exists on the destination, it will be skipped.

Syntax

Copy-DbaDbCertificate
    [-Source] <DbaInstanceParameter>
    [[-SourceSqlCredential] <PSCredential>]
    [-Destination] <DbaInstanceParameter[]>
    [[-DestinationSqlCredential] <PSCredential>]
    [[-Database] <String[]>]
    [[-ExcludeDatabase] <String[]>]
    [[-Certificate] <String[]>]
    [[-ExcludeCertificate] <String[]>]
    [[-SharedPath] <String>]
    [[-MasterKeyPassword] <SecureString>]
    [[-EncryptionPassword] <SecureString>]
    [[-DecryptionPassword] <SecureString>]
    [-EnableException]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Examples

Example: 1

PS C:\> Copy-DbaDbCertificate -Source sql01 -Destination sql02 -EncryptionPassword $cred.Password -MasterKeyPassword $cred.Password -SharedPath \\nas\sql\shared

Copies database certificates for matching databases on sql02 and creates master keys if needed
Uses password from $cred object created by Get-Credential

Example: 2

PS C:\> $params1 = @{
>>      Source = "sql01"
>>      Destination = "sql02"
>>      EncryptionPassword = $passwd
>>      MasterKeyPassword = $passwd
>>      SharedPath = "\\nas\sql\shared"
>>  }
PS C:\> Copy-DbaDbCertificate @params1 -Confirm:$false -OutVariable results

Copies database certificates for matching databases on sql02 and creates master keys if needed

Required Parameters

-Source

Source SQL Server. You must have sysadmin access and server version must be SQL Server version 2000 or higher.

-Destination

Destination SQL Server. You must have sysadmin access and the server must be SQL Server 2000 or higher.

Optional Parameters

-SourceSqlCredential

Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported.
For MFA support, please use Connect-DbaInstance.

-DestinationSqlCredential

Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported.
For MFA support, please use Connect-DbaInstance.

-Database

The database(s) to process.

-ExcludeDatabase

The database(s) to exclude.

-Certificate

The certificate(s) to process.

-ExcludeCertificate

The certificate(s) to exclude.

-SharedPath

Specifies the network location for the backup files. The SQL Server service accounts on both Source and Destination must have read/write permission to access this location.

-MasterKeyPassword

The password to encrypt the exported key. This must be a SecureString.

-EncryptionPassword

A string value that specifies the secure password to encrypt the private key.

-DecryptionPassword

Secure string used to decrypt the private key.

-EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

-WhatIf

If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.

-Confirm

If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.