SQLServerPSModule icon indicating copy to clipboard operation
SQLServerPSModule copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Enclave enabled keys in a database without an enclave

Open Pietervanhove opened this issue 1 year ago • 1 comments

When creating a column master key you can specify if the key should be enclave enabled or not.

$cmkSettings = New-SqlAzureKeyVaultColumnMasterKeySettings -KeyURL $akvKey.ID -AllowEnclaveComputations -KeyVaultAccessToken $keyVaultAccessToken

$cmkName = "CMK1" New-SqlColumnMasterKey -Name $cmkName -InputObject $database -ColumnMasterKeySettings $cmkSettings

At the moment, you can create an enclave enabled key in a database that doesn't has an enclave. I would expect that the PowerShell command returns an error message since there is no enclave enabled on the database. This is not possible in SSMS for example.

Pietervanhove avatar Dec 07 '23 12:12 Pietervanhove

Thanks @Pietervanhove. I've assigned this one to @DBarmanMS (feel free to do that yourself the next time around).

Matteo-T avatar Jan 16 '24 12:01 Matteo-T