Skip to content

Add SQL Server 2025 encryption options to sqlcmd calls in PostProcess.cmd#508

Merged
PiJoCoder merged 8 commits intomasterfrom
copilot/check-sqlcmd-bcp-encryption
Apr 30, 2026
Merged

Add SQL Server 2025 encryption options to sqlcmd calls in PostProcess.cmd#508
PiJoCoder merged 8 commits intomasterfrom
copilot/check-sqlcmd-bcp-encryption

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 25, 2026
edited by PiJoCoder
Loading

Summary

Enables the sqlcmd.exe encryption flag in PostProcess.cmd to -N (opportunistic encryption, supported by all sqlcmd versions). Also updates the SHA-256 hash in ScriptIntegrity.cs to match the new file content.

Fixes #427

Changes

File Change
PostProcess.cmd -N on the EncryptConnection=true branch; updated comment
ScriptIntegrity.cs SHA-256 hash updated to match new PostProcess.cmd

How to Test

Prerequisites

  • A Windows machine with SQL Nexus built from this branch (or the release .zip dropped into the install folder)
  • Access to at least one SQL Server instance (any version; 2012+ recommended for encryption support)
  • A small PSSDiag / SQLDiag data collection to import (even a folder with no .sqlplan files is enough to exercise the post-processing path)

Test 1 – Script integrity check passes

  1. Build the solution and run SQL Nexus.
  2. Log in and run any import.
  3. In the SQL Nexus log (or the sqlnexuslog*.txt file), confirm you see:
    [ScriptIntegrity] Script 'PostProcess.cmd' integrity OK.
    and not has been tampered with.

Test 2 – Import with Encrypt Connection = ON

  1. Launch SQL Nexus.
  2. In the login dialog, check Encrypt Connection (and optionally Trust Server Certificate).
  3. Connect and run an import against a SQL Server instance.
  4. In the log, verify the line:
    Executing: PostProcess.cmd "…" "…" "…" "true" "…"
  5. Confirm post-processing completes without errors.
  6. Confirm the sqlcmd calls logged inside PostProcess.cmd include -N (and -C if Trust Server Certificate was also checked).

Test 3 – Import with Encrypt Connection = OFF

  1. Launch SQL Nexus.
  2. In the login dialog, uncheck Encrypt Connection.
  3. Connect and run an import.
  4. In the log, verify the line:
    Executing: PostProcess.cmd "…" "…" "…" "false" "…"
  5. Confirm post-processing completes without errors and that no -N flag appears in the logged sqlcmd commands.

Test 4 – Backward compatibility with legacy ODBC-based sqlcmd.exe

This confirms the regression -Nm introduced on older tooling is fixed.

  1. On a machine where sqlcmd.exe is the ODBC-based version (not go-sqlcmd — check with sqlcmd -?; the ODBC version prints Microsoft (R) SQL Server Command Line Tool).
  2. Repeat Test 2.
  3. Expect success. With the old -Nm flag this would have failed with unknown option.

Test 5 – Direct command-line smoke test

Open a command prompt in the SQL Nexus build output folder and run:

PostProcess.cmd "YourServer" "YourDatabase" "C:\path\to\data" "true" "false"

Verify:

  • No unknown option error from sqlcmd.
  • The echo lines show Creating tblPlansTemp and SQL Nexus PostProcessing complete.

Then repeat with "false" "false" and confirm the same outcome (no -N).

Copilot AI linked an issue Apr 25, 2026 that may be closed by this pull request
Check if any sqlcmd or bcp calls need to be updated for SQL 2025 support which require encryption options to be passed #427
Closed
Copilot AI and others added 2 commits April 25, 2026 00:57
@PiJoCoder
Add SQL Server 2025 encryption options to sqlcmd calls in PostProcess…
285a32f 
….cmd

- Accept EncryptConnection and TrustServerCertificate as new parameters (%4, %5)
- Conditionally build SQLCMD_ENCRYPTION_OPTS with -Nm and -C flags
- Pass these options to all three active sqlcmd.exe calls
- Pass EncryptConnection and TrustServerCertificate from CredentialManager in fmImport.cs
- Update SHA256 hash in ScriptIntegrity.cs to reflect PostProcess.cmd changes

Agent-Logs-Url: https://github.com/microsoft/SqlNexus/sessions/252e6ca7-99cd-4b6d-9489-86b2a166faeb

Co-authored-by: PiJoCoder <23519517+PiJoCoder@users.noreply.github.com>
@PiJoCoder
Remove accidentally committed .nuget/nuget.exe binary
1eaba50 
Agent-Logs-Url: https://github.com/microsoft/SqlNexus/sessions/252e6ca7-99cd-4b6d-9489-86b2a166faeb

Co-authored-by: PiJoCoder <23519517+PiJoCoder@users.noreply.github.com>
Copilot AI changed the title [WIP] Update sqlcmd and bcp calls for SQL 2025 support Add SQL Server 2025 encryption options to sqlcmd calls in PostProcess.cmd Apr 25, 2026
Copilot AI requested a review from PiJoCoder April 25, 2026 00:58
PiJoCoder
PiJoCoder approved these changes Apr 25, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@PiJoCoder PiJoCoder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ran through tests. Looks good.

@PiJoCoder PiJoCoder marked this pull request as ready for review April 25, 2026 03:15
@PiJoCoder
#427 fix: restore encryption checkboxes on Connect dialog load and fi…
988ca51 
…x PostProcess.cmd encryption flag detection

- PostProcess.cmd: fix encryption option conditionals to handle
  quoted argument values by removing extra wrapping quotes from
  the if comparisons (e.g. %EncryptConnection%=="true" instead
  of "%EncryptConnection%"=="true")
- fmLoginEx: restore EncryptConnection and TrustServerCertificate
  checkbox state from saved settings on form load, so the UI
  reflects the previously-used connection settings and changes
  (including unchecking) are correctly persisted and applied
- ScriptIntegrity: update PostProcess.cmd hash to match modified script
@PiJoCoder
#427 : fix PostProcess.cmd log formatting and update script integrity…
aa5a868 
… hash

- PostProcess.cmd: add +++ suffix to the sqlcmd parameters echo line so
  the C# OutputDataReceived stream capture inserts a newline after it,
  preventing the next log line from being concatenated onto the same line
- PostProcess.cmd: remove @echo. which produced an empty DataReceived
  event (Append("") no-op) that never created the intended blank line
- ScriptIntegrity.cs: update PostProcess.cmd SHA-256 hash to reflect the
  modified script content
- GenerateSqlHashes.ps1: fix key format to emit
  Application.StartupPath + "\\" + "filename" instead of just the
  bare filename, matching the dictionary key format in ScriptIntegrity.cs
@PiJoCoder
#427 make sure the new line in the log has date and time in front
15af950
@PiJoCoder PiJoCoder merged commit 7ade092 into master Apr 30, 2026
3 checks passed
@PiJoCoder PiJoCoder deleted the copilot/check-sqlcmd-bcp-encryption branch April 30, 2026 18:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hacitandogan hacitandogan hacitandogan approved these changes

@asavioliMSFT asavioliMSFT Awaiting requested review from asavioliMSFT

+1 more reviewer

@PiJoCoder PiJoCoder PiJoCoder approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@PiJoCoder PiJoCoder

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Check if any sqlcmd or bcp calls need to be updated for SQL 2025 support which require encryption options to be passed

3 participants

@PiJoCoder @hacitandogan