.png)
ALTER MASTER KEY (Transact-SQL)
Changes the properties of a database master key.
ALTER MASTER KEY <alter_option>
<alter_option> ::=
<regenerate_option> | <encryption_option>
<regenerate_option> ::=
[ FORCE ] REGENERATE WITH ENCRYPTION BY PASSWORD ='password'<encryption_option> ::=
ADD ENCRYPTION BY { SERVICE MASTER KEY | PASSWORD ='password' }
|
DROP ENCRYPTION BY { SERVICE MASTER KEY | PASSWORD ='password' }
The REGENERATE option re-creates the database master key and all the keys it protects. The keys are first decrypted with the old master key, and then encrypted with the new master key. This resource-intensive operation should be scheduled during a period of low demand, unless the master key has been compromised.
When the FORCE option is used, key regeneration will continue even if the master key is unavailable or the server cannot decrypt all the encrypted private keys. If the master key cannot be opened, use the RESTORE MASTER KEY statement to restore the master key from a backup. Use the FORCE option only if the master key is irretrievable or if decryption fails. Information that is encrypted only by an irretrievable key will be lost.
The DROP ENCRYPTION BY SERVICE MASTER KEY option removes the encryption of the database master key by the service master key.
ADD ENCRYPTION BY SERVICE MASTER KEY causes a copy of the master key to be encrypted using the service master key and stored in both the current database and in master.
