Encryption Cmdlets

The following are the lists of commands to use for encryption.

Arguments in bold are mandatory.

Set-AmcEncryptionKeyHash

Generates the Management Center encryption key hash. The hash is used to monitor the encryption key used to store the credentials in the database.

Return Value: Void

Arguments Argument Description
Configurer Credential The credentials that the cmdlet uses to make changes to the database. If this parameter is omitted then the cmdlet uses the user's credential.
Configurer Sql Authentication (Switch) When this switch is specified then the credentials provided by Configurer Credential are defined as SQL Authentication credentials. If this parameter is omitted then the Configurer Credential is presumed to be Windows credentials.
Database Server The SQL server hosting the database.
Database Name The name of the database on the SQL server.

Publish-AmcEncryptionKey

The Management Center uses an encryption key to safely store sensitive information such as client access credentials in the Management Center database. For multiple servers to read from the same database this key needs to be synchronized.

This command pushes the local Management Center encryption key to the connected database for other Management Servers to sync with.

You can sync with this key on other servers using the Sync-AmcEncryptionKey command. This is encrypted with the provided parameter and stored in the database. This should be removed using the Unpublish-AmcEncryptionKey when all servers are in sync.

Return Value: Void

Arguments Argument Description
Password (String) Password is used to secure the credential while it is stored in the database. You will need the same password to retrieve the key to another server.
Secure Password (String) Password is used to secure the credential while it is stored in the database. You will need the same password to retrieve the key to another server.
Configurer Credential The credentials that the cmdlet uses to make changes to the database. If this parameter is omitted then the cmdlet uses the user's credential.
Configurer Sql Authentication (Switch) When this switch is specified then the credentials provided by Configurer Credential are defined as SQL Authentication credentials. If this parameter is omitted then the Configurer Credential is presumed to be Windows credentials.
Database Server The SQL server hosting the database.
Database Name The name of the database on the SQL server.

Sync-AmcEncryptionKey

The Management Center uses an encryption key to safely store sensitive information such as client access credentials in the Management Center database. For multiple servers to read from the same database this key needs to be synchronized.

This command pulls a stored encryption key from a Management Center database and uses it on the local server. You can publish a key from another server using the Publish-AmcEncryptionKey command. The key should be removed using the Unpublish-AmcEncryptionKey when all servers are in sync.

Return Value: Void

Arguments Argument Description
Password (String) Password is used to read the encrypted key from the database. You will need to use the same password that was used in the Publish command.
Secure Password (String) Password is used to read the encrypted key from the database. You will need to use the same password that was used in the Publish command.
Configurer Credential The credentials that the cmdlet uses to make changes to the database. If this parameter is omitted then the cmdlet uses the user's credential.
Configurer Sql Authentication (Switch) When this switch is specified then the credentials provided by Configurer Credential are defined as SQL Authentication credentials. If this parameter is omitted then the Configurer Credential is presumed to be Windows credentials.
Database Server The SQL server hosting the database.
Database Name The name of the database on the SQL server.

Unpublish-AmcEncyptionKey

The Management Center uses an encryption key to safely store sensitive information such as client access credentials in the Management Center database. For multiple servers to read from the same database this key needs to be synchronized.

This command removes the Management Center encryption key from the connected database after other Management Servers are in sync. The key will still be stored securely on each serer but will no longer be in the database.

Return Value: Void

Arguments Argument Description
Configurer Credential The credentials that the cmdlet uses to make changes to the database. If this parameter is omitted then the cmdlet uses the user's credential.
Configurer Sql Authentication (Switch) When this switch is specified then the credentials provided by Configurer Credential are defined as SQL Authentication credentials. If this parameter is omitted then the Configurer Credential is presumed to be Windows credentials.
Database Server The SQL server hosting the database.
Database Name The name of the database on the SQL server.

Test-AmcEncryptionKey

The Management Center uses an encryption key to safely store sensitive information such as client access credentials in the Management Center database. For multiple servers to read from the same database this key needs to be synchronized.

A key can be stored in the database while synchronizing all servers. This command will test to see if there is a key available.

Return Value: Void

Arguments Argument Description
Configurer Credential The credentials that the cmdlet uses to make changes to the database. If this parameter is omitted then the cmdlet uses the user's credential.
Configurer Sql Authentication (Switch) When this switch is specified then the credentials provided by Configurer Credential are defined as SQL Authentication credentials. If this parameter is omitted then the Configurer Credential is presumed to be Windows credentials.
Database Server The SQL server hosting the database.
Database Name The name of the database on the SQL server.

Test-AmcEncryptionKeyHash

Compares the hash with the encryption key. If the hash does not exist then it is created. If the command returns false then the encryption key has changed and the client credentials stored in the database will be available.

Return Value: Void

Arguments Argument Description
Configurer Credential The credentials that the cmdlet uses to make changes to the database. If this parameter is omitted then the cmdlet uses the user's credential.
Configurer Sql Authentication (Switch) When this switch is specified then the credentials provided by Configurer Credential are defined as SQL Authentication credentials. If this parameter is omitted then the Configurer Credential is presumed to be Windows credentials.
Database Server The SQL server hosting the database.
Database Name The name of the database on the SQL server.