Skip to content

Add SQL Server 2025 encryption options to sqlcmd calls in PostProcess.cmd#508

Open
Copilot wants to merge 5 commits intomasterfrom
copilot/check-sqlcmd-bcp-encryption
Open

Add SQL Server 2025 encryption options to sqlcmd calls in PostProcess.cmd#508
Copilot wants to merge 5 commits intomasterfrom
copilot/check-sqlcmd-bcp-encryption

Conversation

Copy link
Copy Markdown

Copilot AI commented Apr 25, 2026
edited by PiJoCoder
Loading

Summary

Enables the sqlcmd.exe encryption flag in PostProcess.cmd to -N (opportunistic encryption, supported by all sqlcmd versions). Also updates the SHA-256 hash in ScriptIntegrity.cs to match the new file content.

Fixes #427

Changes

File Change
PostProcess.cmd -N on the EncryptConnection=true branch; updated comment
ScriptIntegrity.cs SHA-256 hash updated to match new PostProcess.cmd

How to Test

Prerequisites

  • A Windows machine with SQL Nexus built from this branch (or the release .zip dropped into the install folder)
  • Access to at least one SQL Server instance (any version; 2012+ recommended for encryption support)
  • A small PSSDiag / SQLDiag data collection to import (even a folder with no .sqlplan files is enough to exercise the post-processing path)

Test 1 – Script integrity check passes

  1. Build the solution and run SQL Nexus.
  2. Log in and run any import.
  3. In the SQL Nexus log (or the sqlnexuslog*.txt file), confirm you see:
    [ScriptIntegrity] Script 'PostProcess.cmd' integrity OK.
    and not has been tampered with.

Test 2 – Import with Encrypt Connection = ON

  1. Launch SQL Nexus.
  2. In the login dialog, check Encrypt Connection (and optionally Trust Server Certificate).
  3. Connect and run an import against a SQL Server instance.
  4. In the log, verify the line:
    Executing: PostProcess.cmd "…" "…" "…" "true" "…"
  5. Confirm post-processing completes without errors.
  6. Confirm the sqlcmd calls logged inside PostProcess.cmd include -N (and -C if Trust Server Certificate was also checked).

Test 3 – Import with Encrypt Connection = OFF

  1. Launch SQL Nexus.
  2. In the login dialog, uncheck Encrypt Connection.
  3. Connect and run an import.
  4. In the log, verify the line:
    Executing: PostProcess.cmd "…" "…" "…" "false" "…"
  5. Confirm post-processing completes without errors and that no -N flag appears in the logged sqlcmd commands.

Test 4 – Backward compatibility with legacy ODBC-based sqlcmd.exe

This confirms the regression -Nm introduced on older tooling is fixed.

  1. On a machine where sqlcmd.exe is the ODBC-based version (not go-sqlcmd — check with sqlcmd -?; the ODBC version prints Microsoft (R) SQL Server Command Line Tool).
  2. Repeat Test 2.
  3. Expect success. With the old -Nm flag this would have failed with unknown option.

Test 5 – Direct command-line smoke test

Open a command prompt in the SQL Nexus build output folder and run:

PostProcess.cmd "YourServer" "YourDatabase" "C:\path\to\data" "true" "false"

Verify:

  • No unknown option error from sqlcmd.
  • The echo lines show Creating tblPlansTemp and SQL Nexus PostProcessing complete.

Then repeat with "false" "false" and confirm the same outcome (no -N).

Copilot AI linked an issue Apr 25, 2026 that may be closed by this pull request
Check if any sqlcmd or bcp calls need to be updated for SQL 2025 support which require encryption options to be passed #427
Open
Copilot AI and others added 2 commits April 25, 2026 00:57
@PiJoCoder
Add SQL Server 2025 encryption options to sqlcmd calls in PostProcess…
285a32f 
….cmd

- Accept EncryptConnection and TrustServerCertificate as new parameters (%4, %5)
- Conditionally build SQLCMD_ENCRYPTION_OPTS with -Nm and -C flags
- Pass these options to all three active sqlcmd.exe calls
- Pass EncryptConnection and TrustServerCertificate from CredentialManager in fmImport.cs
- Update SHA256 hash in ScriptIntegrity.cs to reflect PostProcess.cmd changes

Agent-Logs-Url: https://github.com/microsoft/SqlNexus/sessions/252e6ca7-99cd-4b6d-9489-86b2a166faeb

Co-authored-by: PiJoCoder <23519517+PiJoCoder@users.noreply.github.com>
@PiJoCoder
Remove accidentally committed .nuget/nuget.exe binary
1eaba50 
Agent-Logs-Url: https://github.com/microsoft/SqlNexus/sessions/252e6ca7-99cd-4b6d-9489-86b2a166faeb

Co-authored-by: PiJoCoder <23519517+PiJoCoder@users.noreply.github.com>
Copilot AI changed the title [WIP] Update sqlcmd and bcp calls for SQL 2025 support Add SQL Server 2025 encryption options to sqlcmd calls in PostProcess.cmd Apr 25, 2026
Copilot AI requested a review from PiJoCoder April 25, 2026 00:58
PiJoCoder
PiJoCoder approved these changes Apr 25, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@PiJoCoder PiJoCoder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ran through tests. Looks good.

@PiJoCoder PiJoCoder marked this pull request as ready for review April 25, 2026 03:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hacitandogan hacitandogan Awaiting requested review from hacitandogan

@PiJoCoder PiJoCoder Awaiting requested review from PiJoCoder

@asavioliMSFT asavioliMSFT Awaiting requested review from asavioliMSFT

At least 1 approving review is required to merge this pull request.

Assignees

@PiJoCoder PiJoCoder

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Check if any sqlcmd or bcp calls need to be updated for SQL 2025 support which require encryption options to be passed

2 participants

@PiJoCoder