TechNet
Export (0) Print
Expand All

BACKUP MASTER KEY (Transact-SQL)

 

THIS TOPIC APPLIES TO:yesSQL Server (starting with 2008)noAzure SQL DatabasenoAzure SQL Data Warehouse noParallel Data Warehouse

Exports the database master key.

Topic link icon Transact-SQL Syntax Conventions

  
BACKUP MASTER KEY TO FILE = 'path_to_file'   
    ENCRYPTION BY PASSWORD = 'password'  

FILE ='path_to_file'
Specifies the complete path, including file name, to the file to which the master key will be exported. This may be a local path or a UNC path to a network location.

PASSWORD ='password'
Is the password used to encrypt the master key in the file. This password is subject to complexity checks. For more information, see Password Policy.

The master key must be open and, therefore, decrypted before it is backed up. If it is encrypted with the service master key, the master key does not have to be explicitly opened. But if the master key is encrypted only with a password, it must be explicitly opened.

We recommend that you back up the master key as soon as it is created, and store the backup in a secure, off-site location.

Requires CONTROL permission on the database.

The following example creates a backup of the AdventureWorks2012 master key. Because this master key is not encrypted by the service master key, a password must be specified when it is opened.

USE AdventureWorks2012;  
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'sfj5300osdVdgwdfkli7';  
BACKUP MASTER KEY TO FILE = 'c:\temp\exportedmasterkey'   
    ENCRYPTION BY PASSWORD = 'sd092735kjn$&adsg';  
GO   

CREATE MASTER KEY (Transact-SQL)
OPEN MASTER KEY (Transact-SQL)
CLOSE MASTER KEY (Transact-SQL)
RESTORE MASTER KEY (Transact-SQL)
ALTER MASTER KEY (Transact-SQL)
DROP MASTER KEY (Transact-SQL)
Encryption Hierarchy

Community Additions

ADD
Show:
© 2016 Microsoft