sys.master_key_passwords (Transact-SQL)

Applies to: SQL Server Azure SQL Managed Instance

Returns a row for each database master key password added by using the sp_control_dbmasterkey_password stored procedure. The passwords that are used to protect the master keys are stored in the credential store. The credential name follows this format: ##DBMKEY_<database_family_guid>_<random_password_guid>##. The password is stored as the credential secret. For each password added by using sp_control_dbmasterkey_password, there is a row in sys.credentials.

Each row in this view shows a credential_id and the family_guid of a database the master key of which is protected by the password associated with that credential. A join with sys.credentials on the credential_id will return useful fields, such as the create_date and credential name.

Column name Data type Description
credential_id int ID of the credential to which the password belongs. This ID is unique within the server instance.
family_guid uniqueidentifier Unique ID of the original database at creation. This GUID remains the same after the database is restored or attached, even if the database name is changed.

If automatic decryption by the service master key fails, SQL Server uses the family_guid to identify credentials that may contain the password used to protect the database master key.

Permissions

The visibility of the metadata in catalog views is limited to securables that a user either owns, or on which the user was granted some permission. For more information, see Metadata Visibility Configuration.

See Also

Catalog Views (Transact-SQL)
sp_control_dbmasterkey_password (Transact-SQL)
Security Catalog Views (Transact-SQL)
CREATE SYMMETRIC KEY (Transact-SQL)
Encryption Hierarchy