Restore the Service Master Key
Applies To: SQL Server 2016
This topic describes how to restore the service master key in SQL Server 2016 by using Transact-SQL.
In This Topic
Before you begin:
When the service master key is restored, SQL Server decrypts all the keys and secrets that have been encrypted with the current service master key, and then encrypts them with the service master key loaded from the backup file.
If any one of the decryptions fails, the restore will fail. You can use the FORCE option to ignore errors, but this option will cause the loss of any data that cannot be decrypted.
Regenerating the encryption hierarchy is a resource-intensive operation. You should schedule this during a period of low demand.
Requires CONTROL SERVER permission on the server.
Retrieve a copy of the backed-up service master key, either from a physical backup medium or a directory on the local file system.
In Object Explorer, connect to an instance of Database Engine.
On the Standard bar, click New Query.
Copy and paste the following example into the query window and click Execute.
-- Restores the service master key from a backup file. RESTORE SERVICE MASTER KEY FROM FILE = 'c:\temp_backups\keys\service_master_key' DECRYPTION BY PASSWORD = '3dH85Hhk003GHk2597gheij4'; GO
The file path to the key and the key's password (if it exists) will be different than what is indicated above. Please make sure that both are specific to your server and key set-up.