| Author | Chrissy LeMaire (@cl), netnerds.net |
| Availability | Windows, Linux, macOS |
Want to see the source code for this command? Check out Enable-DbaDbEncryption on GitHub.
Want to see the Bill Of Health for this command? Check out Enable-DbaDbEncryption.
Enables encryption on a database
Enables encryption on a database
Enable-DbaDbEncryption
[[-SqlInstance] <DbaInstanceParameter[]>]
[[-SqlCredential] <PSCredential>]
[[-Database] <String[]>]
[[-EncryptorName] <String>]
[[-InputObject] <Database[]>]
[-Force]
[-EnableException]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
PS C:\> Enable-DbaDbEncryption -SqlInstance sql2017, sql2016 -Database pubs
Enables database encryption on the pubs database on sql2017 and sql2016
PS C:\> Enable-DbaDbEncryption -SqlInstance sql2017 -Database db1 -Confirm:$false
Suppresses all prompts to enable database encryption on the db1 database on sql2017
PS C:\> Get-DbaDatabase -SqlInstance sql2017 -Database db1 | Enable-DbaDbEncryption -Confirm:$false
Suppresses all prompts to enable database encryption on the db1 database on sql2017
The target SQL Server instance or instances.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
The database that where encryption will be enabled
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
If an Encryption Key does not exist in the database, this command will attempt to create one. This parameter specifies the name of the certificate in master that should be used and tries to find one
if one is not specified.
In order to encrypt the database encryption key with an asymmetric key, you must use an asymmetric key that resides on an extensible key management provider.
| Alias | Certificate,CertificateName |
| Required | False |
| Pipeline | false |
| Default Value |
Enables pipeline input from Get-DbaDatabase
| Alias | |
| Required | False |
| Pipeline | true (ByValue) |
| Default Value |
By default, this command will not encrypt a database unless the cert has been backed up
Use Force to enable encryption even though the specified cert has not been backed up
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | False |
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | False |
Shows what would happen if the command were to run. No actions are actually performed.
| Alias | wi |
| Required | False |
| Pipeline | false |
| Default Value |
Prompts you for confirmation before executing any changing operations within the command.
| Alias | cf |
| Required | False |
| Pipeline | false |
| Default Value |