sql server - Restore Service Master Key w/Existing Encryption Data -
i implemented database encryption using symmetric/asymmetric keys , have database master key (dmk) encrypted password. if i'm understand encryption hierarchy correctly, dmk password stored in master database , encrypted service master key (smk). goal copy database server serve "test environment". in order so, i'll need restore copy of service master key on destination server in order encrypt/decrypt data. want make sure i'm reading documentation correctly regarding restore master key command. when restore smk, encrypted data on destination server first decrypted current smk , re-encrypted using new smk. safe assume no other database should adversely affected if have encryption?
looking @ syntax create database encryption key, database master key (dmk) encrypted either server-level certificate or server-level asymmetric key. in order restore database on server, certificate or asymmetric key protects dmk needs present in master database @ destination. once have that, should go.
if cross-environment restore (e.g. prod → dev), re-encrypt key encryptor doesn't exist @ source. it's little added protection ensures restore happens 1 way (i.e. can't overwrite prod dev).
Comments
Post a Comment