I'm using an automated powershell script to downgrade the pricing tier of the database backup copy. While supplying the below command the tier downgrade fails. The error, if I understood correctly is referring to key-vault with a key named same as my server name, since there is no such key exists(hence the soft delete can also be not enabled), this command fails.
The command has been set-up when my application was not set-up with key-vault and seems like now it's failing.
Command used:
Set-AzureRmSqlDatabase -DatabaseName <*Back-up DB name*> -ServerName <*SQL server name*> -ResourceGroupName <*Resource Group name*> -Edition Standard -RequestedServiceObjectiveName S0
Error:
Set-AzureRmSqlDatabase : 45377: The provided Key Vault uri 'https://****.vault.azure.net/keys/<SERVERNAME>/<Subscription/some ID> is not valid. Please ensure the key vault has been configured with soft-delete. (https://aka.ms/sqltdebyoksoftdelete) At line:1 char:2 + Set-AzureRmSqlDatabase -DatabaseName <Back-up DB name> -ServerName <SQL server name>... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : CloseError: (:) [Set-AzureRmSqlDatabase], CloudException + FullyQualifiedErrorId : Microsoft.Azure.Commands.Sql.Database.Cmdlet.SetAzureSqlDatabase
Questions :
1.Why Set-AzureRmSqlDatabase command is referring to a key-vault URI, when not mentioned explicitly ?
2.Is there a option we need to set at the server/DB level to allow this command to read the server/DB name directly rather than searching for a key with server name?
Is this anywhere related to Transparent data encryption ?
Are we suppose to make any changes to this command if the key-vault comes later than the application/DB/key-vault set-up ?