| title | Use PowerShell to enable transparent data encryption |
|---|---|
| titleSuffix | Azure SQL Managed Instance |
| description | Enable transparent data encryption in Azure SQL Managed Instance using PowerShell and your own key. |
| author | MladjoA |
| ms.author | mlandzic |
| ms.reviewer | vanto |
| ms.date | 05/18/2022 |
| ms.service | azure-sql-managed-instance |
| ms.subservice | security |
| ms.topic | conceptual |
| ms.custom | kr2b-contr-experiment, devx-track-azurepowershell |
| ms.devlang | powershell |
[!INCLUDEappliesto-sqldb]
This PowerShell script example configures transparent data encryption (TDE) in Azure SQL Managed Instance, using a customer-managed key from Azure Key Vault. This is often referred to as a bring-your-own-key (BYOK) scenario for TDE. To learn more, see Azure SQL Transparent Data Encryption with customer-managed key.
- An existing managed instance. See Use PowerShell to create a managed instance.
[!INCLUDE quickstarts-free-trial-note] [!INCLUDE updated-for-az] [!INCLUDE cloud-shell-try-it.md]
Using PowerShell locally or using Azure Cloud Shell requires Azure PowerShell 2.3.2 or a later version. If you need to upgrade, see Install Azure PowerShell module, or run the below sample script to install the module for the current user:
Install-Module -Name Az -AllowClobber -Scope CurrentUser
If you are running PowerShell locally, you also need to run Connect-AzAccount to create a connection with Azure.
[!code-powershell-interactivemain]
For more information on Azure PowerShell, see Azure PowerShell documentation.
Additional PowerShell script samples for SQL Managed Instance can be found in Azure SQL Managed Instance PowerShell scripts.