Always Encrypted With Powershell

Jakub Szymaszek shows how to configure Always Encrypted support from Powershell:

Note: In a production environment, you should always run tools (such as PowerShell or SSMS) provisioning and using Always Encrypted keys on a machine that is different than the machine hosting your database. The primary purpose of Always Encrypted is to protect your data, in case the environment hosting your database gets compromised. If your keys are revealed to the machine hosting the database, an attacker can get them and the benefit of Always Encrypted will be defeated.

That’s a good warning.

Related Posts

Collecting PRINT Outputs From Powershell

Jana Sattainathan shows how to query a number of SQL Server instances in parallel using Powershell and collecting the PRINT outputs from each: As an example, you may have a block of SQL that PRINTs out the current privileges in the databasethat can then be saved off and used as an independent script. In my case […]

Read More

For GDPR, Don’t Forget Query Monitoring Tools

Grant Fritchey points out another spot that might store personal information: When you capture query metrics through trace events or extended events, either using rpc_completed or sql_batch_completed, you not only get the query. You also get any parameter values associated with that query. Article 17 of the GDPR is extremely clear: The data subject shall have the […]

Read More


January 2017
« Dec Feb »