Managed Instance Encryption Protectors - Create Or Update
Service:
SQL Database
API Version:
2025-01-01
Updates an existing encryption protector.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/encryptionProtector/current?api-version=2025-01-01
from azure.identity import DefaultAzureCredential
from azure.mgmt.sql import SqlManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-sql
# USAGE
python managed_instance_encryption_protector_create_or_update_key_vault.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = SqlManagementClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_instance_encryption_protectors.begin_create_or_update(
resource_group_name="sqlcrudtest-7398",
managed_instance_name="sqlcrudtest-4645",
encryption_protector_name="current",
parameters={
"properties": {
"autoRotationEnabled": False,
"serverKeyName": "someVault_someKey_01234567890123456789012345678901",
"serverKeyType": "AzureKeyVault",
}
},
).result()
print(response)
# x-ms-original-file: 2025-01-01/ManagedInstanceEncryptionProtectorCreateOrUpdateKeyVault.json
if __name__ == "__main__":
main()
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Sql.Models;
using Azure.ResourceManager.Sql;
// Generated from example definition: specification/sql/resource-manager/Microsoft.Sql/SQL/stable/2025-01-01/examples/ManagedInstanceEncryptionProtectorCreateOrUpdateKeyVault.json
// this example is just showing the usage of "ManagedInstanceEncryptionProtectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ManagedInstanceEncryptionProtectorResource created on azure
// for more information of creating ManagedInstanceEncryptionProtectorResource, please refer to the document of ManagedInstanceEncryptionProtectorResource
string subscriptionId = "00000000-1111-2222-3333-444444444444";
string resourceGroupName = "sqlcrudtest-7398";
string managedInstanceName = "sqlcrudtest-4645";
EncryptionProtectorName encryptionProtectorName = EncryptionProtectorName.Current;
ResourceIdentifier managedInstanceEncryptionProtectorResourceId = ManagedInstanceEncryptionProtectorResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, managedInstanceName, encryptionProtectorName);
ManagedInstanceEncryptionProtectorResource managedInstanceEncryptionProtector = client.GetManagedInstanceEncryptionProtectorResource(managedInstanceEncryptionProtectorResourceId);
// invoke the operation
ManagedInstanceEncryptionProtectorData data = new ManagedInstanceEncryptionProtectorData
{
ServerKeyName = "someVault_someKey_01234567890123456789012345678901",
ServerKeyType = SqlServerKeyType.AzureKeyVault,
IsAutoRotationEnabled = false,
};
ArmOperation<ManagedInstanceEncryptionProtectorResource> lro = await managedInstanceEncryptionProtector.UpdateAsync(WaitUntil.Completed, data);
ManagedInstanceEncryptionProtectorResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ManagedInstanceEncryptionProtectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
from azure.identity import DefaultAzureCredential
from azure.mgmt.sql import SqlManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-sql
# USAGE
python managed_instance_encryption_protector_create_or_update_service_managed.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = SqlManagementClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_instance_encryption_protectors.begin_create_or_update(
resource_group_name="sqlcrudtest-7398",
managed_instance_name="sqlcrudtest-4645",
encryption_protector_name="current",
parameters={"properties": {"serverKeyName": "ServiceManaged", "serverKeyType": "ServiceManaged"}},
).result()
print(response)
# x-ms-original-file: 2025-01-01/ManagedInstanceEncryptionProtectorCreateOrUpdateServiceManaged.json
if __name__ == "__main__":
main()
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Sql.Models;
using Azure.ResourceManager.Sql;
// Generated from example definition: specification/sql/resource-manager/Microsoft.Sql/SQL/stable/2025-01-01/examples/ManagedInstanceEncryptionProtectorCreateOrUpdateServiceManaged.json
// this example is just showing the usage of "ManagedInstanceEncryptionProtectors_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ManagedInstanceEncryptionProtectorResource created on azure
// for more information of creating ManagedInstanceEncryptionProtectorResource, please refer to the document of ManagedInstanceEncryptionProtectorResource
string subscriptionId = "00000000-1111-2222-3333-444444444444";
string resourceGroupName = "sqlcrudtest-7398";
string managedInstanceName = "sqlcrudtest-4645";
EncryptionProtectorName encryptionProtectorName = EncryptionProtectorName.Current;
ResourceIdentifier managedInstanceEncryptionProtectorResourceId = ManagedInstanceEncryptionProtectorResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, managedInstanceName, encryptionProtectorName);
ManagedInstanceEncryptionProtectorResource managedInstanceEncryptionProtector = client.GetManagedInstanceEncryptionProtectorResource(managedInstanceEncryptionProtectorResourceId);
// invoke the operation
ManagedInstanceEncryptionProtectorData data = new ManagedInstanceEncryptionProtectorData
{
ServerKeyName = "ServiceManaged",
ServerKeyType = SqlServerKeyType.ServiceManaged,
};
ArmOperation<ManagedInstanceEncryptionProtectorResource> lro = await managedInstanceEncryptionProtector.UpdateAsync(WaitUntil.Completed, data);
ManagedInstanceEncryptionProtectorResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ManagedInstanceEncryptionProtectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind
string
Kind of encryption protector. This is metadata used for the Azure portal experience.
name
string
The name of the resource
properties.autoRotationEnabled
boolean
Key auto rotation opt-in flag. Either true or false.