Service Master Key

The Service Master Key is the root of the SQL Server encryption hierarchy. It is generated automatically the first time it is needed to encrypt another key. By default, the Service Master Key is encrypted using the Windows Data Protection API (DPAPI) with the local machine key. The Service Master Key can only be opened by the Windows service account under which it was created or by a principal with access to both the service account name and its password.

Regenerating or restoring the Service Master Key involves decrypting and re-encrypting the complete encryption hierarchy. Unless the key has been compromised, this resource-intensive operation should be scheduled during a period of low demand.

Best Practice

Back up the Service Master Key and store the backed-up copy in a secure, off-site location.
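
The following Transact-SQL is an added example, not part of the original page. It shows the backup recommended above together with the restore and regenerate operations described earlier. The file path and passwords are placeholders, and each step is meant to be run on its own when it is needed, not as one script.

```sql
-- Added example. The path and passwords are placeholders, not real values.
USE master;
GO

-- 1. Confirm the Service Master Key exists and note when it last changed.
--    A modify_date you cannot account for is worth investigating.
SELECT name, algorithm_desc, key_length, create_date, modify_date
FROM sys.symmetric_keys
WHERE name = '##MS_ServiceMasterKey##';
GO

-- 2. Back up the key. The backup file is encrypted with this password,
--    so keep the password somewhere other than next to the file, then
--    move the file to secure off-site storage.
BACKUP SERVICE MASTER KEY
    TO FILE = 'E:\KeyBackup\service_master_key.bak'       -- placeholder path
    ENCRYPTION BY PASSWORD = '<strong-backup-password>';  -- placeholder
GO

-- 3. Recovery only: restore the key from the backup file.
--    This decrypts and re-encrypts the whole hierarchy, so schedule it
--    for a period of low demand.
RESTORE SERVICE MASTER KEY
    FROM FILE = 'E:\KeyBackup\service_master_key.bak'     -- placeholder path
    DECRYPTION BY PASSWORD = '<strong-backup-password>';  -- placeholder
GO

-- 4. Suspected compromise only: generate a new Service Master Key.
--    This is the same resource-intensive re-encryption as step 3.
--    Take a fresh backup (step 2) afterwards, because the old backup
--    file holds the old key.
ALTER SERVICE MASTER KEY REGENERATE;
GO
```

Both RESTORE SERVICE MASTER KEY and ALTER SERVICE MASTER KEY accept a FORCE option that continues past decryption errors; data that cannot be decrypted is lost when it is used, so treat it as a last resort.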

See Also

Tasks

How to: Back Up the Service Master Key
How to: Restore the Service Master Key

Reference

Encryption Hierarchy

Other Resources

BACKUP SERVICE MASTER KEY (Transact-SQL)
RESTORE SERVICE MASTER KEY (Transact-SQL)
ALTER SERVICE MASTER KEY (Transact-SQL)

Help and Information

Getting SQL Server 2005 Assistance