Auto copy master cert for AG database adds

[potatoqualitee]

Summarize Functionality

I just created Copy-DbaDbCertificate and added it to Start-DbaMigration. It was suggested that it'd be awesome to help enable auto setup of encrypted databases on AGs. Maybe it belongs in Copy-DbaDatabase as well 🤔

@andreasjordan any chance you can take a look? Start-DbaDbEncryption works with the containers at https://dbatools.io/docker

Is there a command that is similiar or close to what you are looking for?

No

Technical Details

No response

[potatoqualitee]

hmmm im doing a private presentation tomorrow at 9, i may jump in and submit a PR if i cant resist 😅

[andreasjordan]

I can try, but this week might get a bit busy...

[andreasjordan]

Ok, my lab is up and running...

I think copying the master cert will be a seperate step, because we need much more information than provided in Add-DbaAgDatabase. Example: With automatic seeding we don't have a shared path to transfer the certificate. And we need the passwords.

[potatoqualitee]

ahhhh okay, we can add it in new-dbaavailabilitygroup since its a combo command anyway

[potatoqualitee]

i also want to ask the SMO team if it's possible to just copy in memory, that'd be nice. but when i checked i believe it was "get" and not "get;set"

[potatoqualitee]

asked: https://github.com/microsoft/sqlmanagementobjects/issues/76

[potatoqualitee]

Ohh check it out, @andreasjordan ! Someone responded with this link, I think it'll be great for Copy-DbaDbCertificate https://docs.microsoft.com/en-us/sql/t-sql/functions/cert-id-transact-sql?view=sql-server-ver15

[andreasjordan]

So not using Backup-DbaDbCertificate and Restore-DbaDbCertificate anymore? Good idea. But I would need some time to implement and test - don't have that this week. Maybe on the weekend...

[potatoqualitee]

Right! If it's possible. Seems possible 🤔

[potatoqualitee]

Make that part an internal command so we can potentially reuse it elsehwere