Remove-SqlColumnEncryptionKeyValue

Removes an encrypted value from an existing column encryption key object in the database.

Syntax

Remove-SqlColumnEncryptionKeyValue
      -ColumnMasterKeyName <String>
      [-Name] <String>
      [-InputObject] <Database>
      [-Script]
      [-AccessToken <PSObject>]
      [-TrustServerCertificate]
      [-HostNameInCertificate <String>]
      [-Encrypt <String>]
      [-ProgressAction <ActionPreference>]
      [<CommonParameters>]
Remove-SqlColumnEncryptionKeyValue
      -ColumnMasterKeyName <String>
      [-Name] <String>
      [[-Path] <String>]
      [-Script]
      [-AccessToken <PSObject>]
      [-TrustServerCertificate]
      [-HostNameInCertificate <String>]
      [-Encrypt <String>]
      [-ProgressAction <ActionPreference>]
      [<CommonParameters>]

Description

The Remove-SqlColumnEncryptionKeyValue cmdlet modifies a column encryption key object in the database, by removing an entry for an encrypted value produced using the specified column master key.

Examples

Example 1: Remove a column encryption key value

PS C:\> CD SQLSERVER:\SQL\MyServer\MyInstance\Databases\MyDatabase
PS SQLSERVER:\SQL\MyServer\MyInstance\Databases\MyDatabase> Remove-SqlColumnEncryptionKeyValue -Name "CEK1" -ColumnMasterKey "CMK1"

This command removes the column encryption key value encrypted with a column master key named CMK1 from the column encryption key database object named CEK1. The operation happens on database MyDatabase on server instance MyServer\MyInstance

Parameters

-AccessToken

The access token used to authenticate to SQL Server, as an alternative to user/password or Windows Authentication.

This can be used, for example, to connect to SQL Azure DB and SQL Azure Managed Instance using a Service Principal or a Managed Identity.

The parameter to use can be either a string representing the token or a PSAccessToken object as returned by running Get-AzAccessToken -ResourceUrl https://database.windows.net.

This parameter is new in v22 of the module.

Type:PSObject
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ColumnMasterKeyName

Specifies the name of the column master key that was used to produce the encrypted value that this cmdlet removes.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Encrypt

The encryption type to use when connecting to SQL Server.

This value maps to the Encrypt property SqlConnectionEncryptOption on the SqlConnection object of the Microsoft.Data.SqlClient driver.

In v22 of the module, the default is Optional (for compatibility with v21). In v23+ of the module, the default value will be 'Mandatory', which may create a breaking change for existing scripts.

This parameter is new in v22 of the module.

Type:String
Accepted values:Mandatory, Optional, Strict
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-HostNameInCertificate

The host name to be used in validating the SQL Server TLS/SSL certificate. You must pass this parameter if your SQL Server instance is enabled for Force Encryption and you want to connect to an instance using hostname/shortname. If this parameter is omitted then passing the Fully Qualified Domain Name (FQDN) to -ServerInstance is necessary to connect to a SQL Server instance enabled for Force Encryption.

This parameter is new in v22 of the module.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Specifies the SQL database object for which this cmdlet runs the operation.

Type:Database
Position:2
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Name

Specifies the name of the column encryption key object that this cmdlet removes.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Path

Specifies the path of the SQL database for which this cmdlet runs the operation. If you do not specify a value for this parameter, this cmdlet uses the current working location.

Type:String
Position:2
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ProgressAction

Determines how PowerShell responds to progress updates generated by a script, cmdlet, or provider, such as the progress bars generated by the Write-Progress cmdlet. The Write-Progress cmdlet creates progress bars that show a command's status.

Type:ActionPreference
Aliases:proga
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Script

Indicates that this cmdlet returns a Transact-SQL script that performs the task that this cmdlet performs.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-TrustServerCertificate

Indicates whether the channel will be encrypted while bypassing walking the certificate chain to validate trust.

In v22 of the module, the default is $true (for compatibility with v21). In v23+ of the module, the default value will be '$false', which may create a breaking change for existing scripts.

This parameter is new in v22 of the module.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.SqlServer.Management.Smo.Database