Encryption Protectors - Create Or Update

サービス:: SQL Database

API バージョン:: 2025-01-01

既存の暗号化保護機能を更新します。

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/encryptionProtector/current?api-version=2025-01-01

URI パラメーター

名前	/	必須	型	説明
encryptionProtectorName	path	True	EncryptionProtectorName	取得する暗号化保護機能の名前。
resourceGroupName	path	True	string minLength: 1 maxLength: 90	リソースグループの名前。名前の大文字と小文字は区別されません。
serverName	path	True	string	サーバーの名前。
subscriptionId	path	True	string (uuid)	ターゲットサブスクリプションの ID。値は UUID である必要があります。
api-version	query	True	string minLength: 1	この操作に使用する API バージョン。

要求本文

名前	必須	型	説明
properties.serverKeyType	True	ServerKeyType	"ServiceManaged"、"AzureKeyVault" などの暗号化保護機能の種類。
properties.autoRotationEnabled		boolean	キー自動ローテーションオプトインフラグ。 true または false のいずれか。
properties.serverKeyName		string	サーバーキーの名前。

応答

名前	型	説明
200 OK	EncryptionProtector	リソース「EncryptionProtector」更新操作が成功しました
202 Accepted		リソース操作が受け入れられます。ヘッダー Location: string Retry-After: integer
Other Status Codes	ErrorResponse	予期しないエラー応答。

名前

型

説明

200 OK

EncryptionProtector

リソース「EncryptionProtector」更新操作が成功しました

202 Accepted

リソース操作が受け入れられます。

ヘッダー

Location: string
Retry-After: integer

Other Status Codes

ErrorResponse

予期しないエラー応答。

セキュリティ

azure_auth

Azure Active Directory OAuth2 フロー。

型: oauth2
フロー: implicit
Authorization URL (承認 URL): https://login.microsoftonline.com/common/oauth2/authorize

スコープ

名前	説明
user_impersonation	ユーザーアカウントを偽装する

例

Update the encryption protector to key vault

Update the encryption protector to key vault with versionless key

Update the encryption protector to service managed

Update the encryption protector to key vault

要求のサンプル

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/encryptionProtector/current?api-version=2025-01-01

{
  "properties": {
    "autoRotationEnabled": false,
    "serverKeyName": "someVault_someKey_01234567890123456789012345678901",
    "serverKeyType": "AzureKeyVault"
  }
}

from azure.identity import DefaultAzureCredential

from azure.mgmt.sql import SqlManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-sql
# USAGE
    python encryption_protector_create_or_update_key_vault.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = SqlManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.encryption_protectors.begin_create_or_update(
        resource_group_name="sqlcrudtest-7398",
        server_name="sqlcrudtest-4645",
        encryption_protector_name="current",
        parameters={
            "properties": {
                "autoRotationEnabled": False,
                "serverKeyName": "someVault_someKey_01234567890123456789012345678901",
                "serverKeyType": "AzureKeyVault",
            }
        },
    ).result()
    print(response)


# x-ms-original-file: 2025-01-01/EncryptionProtectorCreateOrUpdateKeyVault.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Sql.Models;
using Azure.ResourceManager.Sql;

// Generated from example definition: specification/sql/resource-manager/Microsoft.Sql/SQL/stable/2025-01-01/examples/EncryptionProtectorCreateOrUpdateKeyVault.json
// this example is just showing the usage of "EncryptionProtectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SqlServerResource created on azure
// for more information of creating SqlServerResource, please refer to the document of SqlServerResource
string subscriptionId = "00000000-1111-2222-3333-444444444444";
string resourceGroupName = "sqlcrudtest-7398";
string serverName = "sqlcrudtest-4645";
ResourceIdentifier sqlServerResourceId = SqlServerResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, serverName);
SqlServerResource sqlServer = client.GetSqlServerResource(sqlServerResourceId);

// get the collection of this EncryptionProtectorResource
EncryptionProtectorCollection collection = sqlServer.GetEncryptionProtectors();

// invoke the operation
EncryptionProtectorName encryptionProtectorName = EncryptionProtectorName.Current;
EncryptionProtectorData data = new EncryptionProtectorData
{
    ServerKeyName = "someVault_someKey_01234567890123456789012345678901",
    ServerKeyType = SqlServerKeyType.AzureKeyVault,
    IsAutoRotationEnabled = false,
};
ArmOperation<EncryptionProtectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, encryptionProtectorName, data);
EncryptionProtectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
EncryptionProtectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

応答のサンプル

状態コード:: 200

{
  "name": "current",
  "type": "Microsoft.Sql/servers/encryptionProtector",
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/encryptionProtector/current",
  "kind": "azurekeyvault",
  "location": "West US",
  "properties": {
    "autoRotationEnabled": false,
    "serverKeyName": "someVault_someKey_01234567890123456789012345678901",
    "serverKeyType": "AzureKeyVault"
  }
}

状態コード:: 202

Update the encryption protector to key vault with versionless key

要求のサンプル

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/encryptionProtector/current?api-version=2025-01-01

{
  "properties": {
    "autoRotationEnabled": false,
    "serverKeyName": "someVault_someKey",
    "serverKeyType": "AzureKeyVault"
  }
}

from azure.identity import DefaultAzureCredential

from azure.mgmt.sql import SqlManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-sql
# USAGE
    python encryption_protector_create_or_update_key_vault_with_versionless_key.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = SqlManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.encryption_protectors.begin_create_or_update(
        resource_group_name="sqlcrudtest-7398",
        server_name="sqlcrudtest-4645",
        encryption_protector_name="current",
        parameters={
            "properties": {
                "autoRotationEnabled": False,
                "serverKeyName": "someVault_someKey",
                "serverKeyType": "AzureKeyVault",
            }
        },
    ).result()
    print(response)


# x-ms-original-file: 2025-01-01/EncryptionProtectorCreateOrUpdateKeyVaultWithVersionlessKey.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Sql.Models;
using Azure.ResourceManager.Sql;

// Generated from example definition: specification/sql/resource-manager/Microsoft.Sql/SQL/stable/2025-01-01/examples/EncryptionProtectorCreateOrUpdateKeyVaultWithVersionlessKey.json
// this example is just showing the usage of "EncryptionProtectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SqlServerResource created on azure
// for more information of creating SqlServerResource, please refer to the document of SqlServerResource
string subscriptionId = "00000000-1111-2222-3333-444444444444";
string resourceGroupName = "sqlcrudtest-7398";
string serverName = "sqlcrudtest-4645";
ResourceIdentifier sqlServerResourceId = SqlServerResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, serverName);
SqlServerResource sqlServer = client.GetSqlServerResource(sqlServerResourceId);

// get the collection of this EncryptionProtectorResource
EncryptionProtectorCollection collection = sqlServer.GetEncryptionProtectors();

// invoke the operation
EncryptionProtectorName encryptionProtectorName = EncryptionProtectorName.Current;
EncryptionProtectorData data = new EncryptionProtectorData
{
    ServerKeyName = "someVault_someKey",
    ServerKeyType = SqlServerKeyType.AzureKeyVault,
    IsAutoRotationEnabled = false,
};
ArmOperation<EncryptionProtectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, encryptionProtectorName, data);
EncryptionProtectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
EncryptionProtectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

応答のサンプル

状態コード:: 200

{
  "name": "current",
  "type": "Microsoft.Sql/servers/encryptionProtector",
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/encryptionProtector/current",
  "kind": "azurekeyvault",
  "location": "West US",
  "properties": {
    "autoRotationEnabled": false,
    "keyVersion": "01234567890123456789012345678901",
    "serverKeyName": "someVault_someKey",
    "serverKeyType": "AzureKeyVault"
  }
}

状態コード:: 202

Update the encryption protector to service managed

要求のサンプル

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/encryptionProtector/current?api-version=2025-01-01

{
  "properties": {
    "serverKeyName": "ServiceManaged",
    "serverKeyType": "ServiceManaged"
  }
}

from azure.identity import DefaultAzureCredential

from azure.mgmt.sql import SqlManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-sql
# USAGE
    python encryption_protector_create_or_update_service_managed.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = SqlManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.encryption_protectors.begin_create_or_update(
        resource_group_name="sqlcrudtest-7398",
        server_name="sqlcrudtest-4645",
        encryption_protector_name="current",
        parameters={"properties": {"serverKeyName": "ServiceManaged", "serverKeyType": "ServiceManaged"}},
    ).result()
    print(response)


# x-ms-original-file: 2025-01-01/EncryptionProtectorCreateOrUpdateServiceManaged.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Sql.Models;
using Azure.ResourceManager.Sql;

// Generated from example definition: specification/sql/resource-manager/Microsoft.Sql/SQL/stable/2025-01-01/examples/EncryptionProtectorCreateOrUpdateServiceManaged.json
// this example is just showing the usage of "EncryptionProtectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SqlServerResource created on azure
// for more information of creating SqlServerResource, please refer to the document of SqlServerResource
string subscriptionId = "00000000-1111-2222-3333-444444444444";
string resourceGroupName = "sqlcrudtest-7398";
string serverName = "sqlcrudtest-4645";
ResourceIdentifier sqlServerResourceId = SqlServerResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, serverName);
SqlServerResource sqlServer = client.GetSqlServerResource(sqlServerResourceId);

// get the collection of this EncryptionProtectorResource
EncryptionProtectorCollection collection = sqlServer.GetEncryptionProtectors();

// invoke the operation
EncryptionProtectorName encryptionProtectorName = EncryptionProtectorName.Current;
EncryptionProtectorData data = new EncryptionProtectorData
{
    ServerKeyName = "ServiceManaged",
    ServerKeyType = SqlServerKeyType.ServiceManaged,
};
ArmOperation<EncryptionProtectorResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, encryptionProtectorName, data);
EncryptionProtectorResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
EncryptionProtectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

応答のサンプル

状態コード:: 200

{
  "name": "current",
  "type": "Microsoft.Sql/servers/encryptionProtector",
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-7398/providers/Microsoft.Sql/servers/sqlcrudtest-4645/encryptionProtector/current",
  "kind": "servicemanaged",
  "location": "West US",
  "properties": {
    "serverKeyName": "ServiceManaged",
    "serverKeyType": "ServiceManaged"
  }
}

状態コード:: 202

定義

名前	説明
createdByType	リソースを作成した ID の種類。
EncryptionProtector	サーバー暗号化保護機能。
EncryptionProtectorName	取得する暗号化保護機能の名前。
ErrorAdditionalInfo	リソース管理エラーの追加情報。
ErrorDetail	エラーの詳細。
ErrorResponse	エラー応答
ServerKeyType	"ServiceManaged"、"AzureKeyVault" などの暗号化保護機能の種類。
systemData	リソースの作成と最後の変更に関連するメタデータ。

createdByType

列挙

リソースを作成した ID の種類。

値	説明
User
Application
ManagedIdentity
Key

EncryptionProtector

Object

サーバー暗号化保護機能。

名前	型	説明
id	string (arm-id)	リソースの完全修飾リソース ID。例: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string	暗号化保護機能の種類。これはAzureポータル体験で使用されるメタデータです。
location	string	リソースの場所。
name	string	リソースの名前
properties.autoRotationEnabled	boolean	キー自動ローテーションオプトインフラグ。 true または false のいずれか。
properties.keyVersion	string	暗号化保護機能として使用されているサーバー鍵のバージョン
properties.serverKeyName	string	サーバーキーの名前。
properties.serverKeyType	ServerKeyType	"ServiceManaged"、"AzureKeyVault" などの暗号化保護機能の種類。
properties.subregion	string	暗号化保護機能のサブ領域。
properties.thumbprint	string	サーバーキーの拇印。
properties.uri	string	サーバーキーの URI。
systemData	systemData	create By と modifiedBy の情報を含む Azure Resource Manager メタデータ。
type	string	リソースの型。例えば「Microsoft。Compute/virtualMachines」または「Microsoft」などです。ストレージ/ストレージアカウント」

EncryptionProtectorName

列挙

取得する暗号化保護機能の名前。

値	説明
current	現在

ErrorAdditionalInfo

Object

リソース管理エラーの追加情報。

名前	型	説明
info	object	追加情報。
type	string	追加情報の種類。

ErrorDetail

Object

エラーの詳細。

名前	型	説明
additionalInfo	ErrorAdditionalInfo[]	エラーの追加情報。
code	string	エラーコード。
details	ErrorDetail[]	エラーの詳細。
message	string	エラーメッセージ。
target	string	エラーターゲット。

ErrorResponse

Object

エラー応答

名前	型	説明
error	ErrorDetail	エラーオブジェクト。

ServerKeyType

列挙

"ServiceManaged"、"AzureKeyVault" などの暗号化保護機能の種類。

値	説明
ServiceManaged	ServiceManaged
AzureKeyVault	AzureKeyVault

systemData

Object

リソースの作成と最後の変更に関連するメタデータ。

名前	型	説明
createdAt	string (date-time)	リソース作成のタイムスタンプ (UTC)。
createdBy	string	リソースを作成した ID。
createdByType	createdByType	リソースを作成した ID の種類。
lastModifiedAt	string (date-time)	リソースの最終変更のタイムスタンプ (UTC)
lastModifiedBy	string	リソースを最後に変更した ID。
lastModifiedByType	createdByType	リソースを最後に変更した ID の種類。