BACKUP MASTER KEY (Transact-SQL)

Exports the database master key.

Topic link icon Transact-SQL Syntax Conventions

Syntax

BACKUP MASTER KEY TO FILE = 'path_to_file' 
    ENCRYPTION BY PASSWORD = 'password'

Arguments

  • FILE ='path_to_file'
    Specifies the complete path, including file name, to the file to which the master key will be exported. This may be a local path or a UNC path to a network location.

  • PASSWORD ='password'
    Is the password used to encrypt the master key in the file. This password is subject to complexity checks. For more information, see Password Policy.

Remarks

The master key must be open and, therefore, decrypted before it is backed up. If it is encrypted with the service master key, the master key does not have to be explicitly opened. But if the master key is encrypted only with a password, it must be explicitly opened.

We recommend that you back up the master key as soon as it is created, and store the backup in a secure, off-site location.

Permissions

Requires CONTROL permission on the database.

Examples

The following example creates a backup of the AdventureWorks2012 master key. Because this master key is not encrypted by the service master key, a password must be specified when it is opened.

USE AdventureWorks2012;
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'sfj5300osdVdgwdfkli7';
BACKUP MASTER KEY TO FILE = 'c:\temp\exportedmasterkey' 
    ENCRYPTION BY PASSWORD = 'sd092735kjn$&adsg';
GO 

See Also

Reference

CREATE MASTER KEY (Transact-SQL)

OPEN MASTER KEY (Transact-SQL)

CLOSE MASTER KEY (Transact-SQL)

RESTORE MASTER KEY (Transact-SQL)

ALTER MASTER KEY (Transact-SQL)

DROP MASTER KEY (Transact-SQL)

Concepts

Encryption Hierarchy