| title | description | author | ms.author | ms.reviewer | ms.date | ms.service | ms.subservice | ms.custom | ms.topic | zone_pivot_groups | monikerRange |
|---|---|---|---|---|---|---|---|---|---|---|---|
Enable automatic digest storage |
This article discusses how to enable automatic digest storage in Azure SQL Database using the Azure portal, PowerShell, and the Azure CLI. |
VanMSFT |
vanto |
mathoma |
02/07/2024 |
sql |
security |
devx-track-azurecli, ignite-2023 |
how-to |
as1-azuresql-sql |
= azuresqldb-current||>= sql-server-ver16||>= sql-server-linux-ver16||=azuresqldb-mi-current |
[!INCLUDE SQL Server 2022 Azure SQL Database Azure SQL Managed Instance]
::: zone pivot="as1-azure-sql-database"
In this article, we'll describe how you can configure automatic generation and storage of database digests through the Azure portal, PowerShell, or the Azure CLI.
- Have an active Azure subscription. If you don't have one, create a free account.
- An Azure SQL Database
-
Open the Azure portal and locate the database for which you want to enable automatic digest storage. Select that database in SQL Database.
[!NOTE] Enable automatic digest storage can also be configured when creating a new database.
-
In Security, select the Ledger option.
-
In the Ledger pane, select Enable automatic digest storage. Select the storage type. You can choose between Azure Storage or Azure Confidential Ledger (ACL). Depending on the storage type you picked, you have to select an existing storage account or ACL, or create a new one. The storage container name is fixed and can't be modified.
:::image type="content" source="media/ledger/automatic-digest-management.png" alt-text="Screenshot that shows the selections for enabling digest storage.":::
-
Select Save to save your automatic digest storage configuration.
Update the database to start uploading ledger digests to the Azure Blob Storage account or Azure Confidential Ledger, by using the Enable-AzSqlDatabaseLedgerDigestUpload cmdlet. When the endpoint parameter is an Azure Blob Storage endpoint, the database server will create a new container, named sqldbledgerdigests, within the storage account and it will start writing ledger digests to the container.
In the following script, be sure to modify the following parameters: ResourceGroupName, ServerName, DatabaseName and Endpoint (ACL endpoint or Azure Storage endpoint):
Write-host "Enabling ledger digest upload..."
$ledgerDigestUploadConfig = Enable-AzSqlDatabaseLedgerDigestUpload `
-ResourceGroupName "ResourceGroup01" `
-ServerName "Server01" `
-DatabaseName "Database01" `
-Endpoint "https://ledgerstorage.blob.core.windows.net"
$ledgerDigestUploadConfig
Update the database to start uploading ledger digests to the Azure Blob Storage account or Azure Confidential Ledger, by using the az sql db ledger-digest-uploads enable command.
Make sure you modify the parameters resource-group, server, name and endpoint (ACL endpoint or Azure Storage endpoint)
az sql db ledger-digest-uploads enable \
--resource-group ResourceGroup01 \
--server Server01 \
--name Database01 \
--endpoint https://ledgerstorage.blob.core.windows.net
::: zone-end
::: zone pivot="as1-azure-sql-managed-instance"
In this article, we'll describe how you can configure automatic generation and storage of database digests through the Azure portal, PowerShell, or the Azure CLI.
- Have an active Azure subscription. If you don't have one, create a free account.
- An Azure SQL Managed Instance
-
Open the Azure portal and locate the managed database for which you want to enable automatic digest storage.
[!NOTE] Enable automatic digest storage can also be configured when creating a new database.
-
In Security, select the Ledger option.
-
In the Ledger pane, select Enable automatic digest storage. Select the storage type. You can choose between Azure Storage or Azure Confidential Ledger (ACL). Depending on the storage type you picked, you have to select an existing storage account or ACL, or create a new one. The storage container name is fixed and can't be modified.
:::image type="content" source="media/ledger/automatic-digest-management-sql-managed-instance.png" alt-text="Screenshot that shows the selections for enabling digest storage.":::
-
Select Save to save your automatic digest storage configuration.
Update the database to start uploading ledger digests to the Azure Blob Storage account or Azure Confidential Ledger. When the endpoint parameter is an Azure Blob Storage endpoint, the database server will create a new container, named sqldbledgerdigests, within the storage account and it will start writing ledger digests to the container.
Note
Make sure you modify the parameters ResourceGroupName, InstanceName, DatabaseName and Endpoint (ACL endpoint or Azure Storage endpoint).
Write-host "Enabling ledger digest upload..."
$ledgerDigestUploadConfig = Enable-AzSqlInstanceDatabaseLedgerDigestUpload `
-ResourceGroupName "ResourceGroup01" `
-InstanceName "ManagedInstance01" `
-DatabaseName "Database01" `
-Endpoint "https://ledgerstorage.blob.core.windows.net"
$ledgerDigestUploadConfig
Update the database to start uploading ledger digests to the Azure Blob Storage account or Azure Confidential Ledger, by using the az sql midb ledger-digest-uploads enable command.
Note
Make sure you modify the parameters resource-group, managed-instance, name and endpoint (ACL endpoint or Azure Storage endpoint)
az sql midb ledger-digest-uploads enable \
--resource-group ResourceGroup01 \
--managed-instance ManagedInstance01 \
--name Database01 \
--endpoint https://ledgerstorage.blob.core.windows.net
::: zone-end
::: zone pivot="as1-sql-server"
In this article, we'll describe how you can configure automatic generation and storage of database digests through using T-SQL in [!INCLUDE sssql22-md]. For information on configuring automatic generation and storage of database digests in Azure SQL Database, use the switch at the top of this page to toggle over to Azure SQL Database.
- [!INCLUDE sssql22-md]
- SQL Server Management Studio (SSMS) or Azure Data Studio
- An Azure Blob Storage
- An Azure Storage container
- A SQL Server credential. For more information, see Digest Management.
To enable uploading ledger digests, specify the endpoint of an Azure Blob storage account. To disable uploading ledger digests, set the option value to OFF. The default is OFF.
-
Sign into your [!INCLUDE sssql22-md] instance using SSMS or Azure Data Studio.
-
Configure automatic generation and storage of database digests using the following T-SQL statement:
ALTER DATABASE SCOPED CONFIGURATION SET LEDGER_DIGEST_STORAGE_ENDPOINT = 'https://ledgerstorage.blob.core.windows.net';
For more information, see ALTER DATABASE SCOPED CONFIGURATION (Transact-SQL).
::: zone-end