
Commit 522fd0c

committed
update comments
1 parent e4a5397 commit 522fd0c


2 files changed

+8
-4
lines changed

2 files changed

+8
-4
lines changed

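--- a/backup database master keys.sql
+++ b/backup database master keys.sql
@@ -9,17 +9,21 @@
 -- The password must be the current password for the database key.
 -- If the password is not known, you must regenerate the password and immediately re-backup the key. Note this will force all encyrypted data to be unencrypted and re-encrypted. It is transparent but could be time-consuming.
 -- https://docs.microsoft.com/sql/t-sql/statements/alter-master-key-transact-sql follow directions to REGENERATE key with new password.
+-- See also: toolbox\backup service master key.sql
 
 exec sp_msforeachdb 'use [?];
 if exists(select * from sys.symmetric_keys )
 begin
 select ''Database key(s) found in [?]''
 select ''USE [?];''
 select ''OPEN MASTER KEY DECRYPTION BY PASSWORD = ''''passwordhere'''';
-BACKUP MASTER KEY TO FILE = ''''c:\temp\?_''+name+''_20200131.key''''
+BACKUP MASTER KEY TO FILE = ''''c:\temp\?_''+name+''_20200131.snk''''
 ENCRYPTION BY PASSWORD = ''''passwordhere'''';
 GO ''
 from sys.symmetric_keys;
 END';
 
---exec sp_msforeachdb 'use [?]; select ''[?]'',* from sys.symmetric_keys';
+--exec sp_msforeachdb 'use [?]; select ''[?]'',* from sys.symmetric_keys';
+
+--THEN:
+--Move the file to enterprise security vault, along with its password, associated with the SQL instance.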
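Review bot: The added `--THEN:` comment tells the operator to vault the key file "along with its password", which keeps the encrypted backup and the secret that unlocks it under one access decision; the password is better held as a separate vault secret with its own access control. Suggested wording: `--Move the file out of c:\temp to the enterprise security vault, and store its password as a separate secret, both associated with the SQL instance.` The new `.snk` extension on line 20 (and on line 41 of lab - tde encryption workshop 2014.sql) is the one conventionally used for .NET strong-name key files, so a master key backup named this way may be misidentified by people or inventory tooling. The previous `.key`/`.smk` names, or a neutral extension, would be clearer.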

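--- a/lab - tde encryption workshop 2014.sql
+++ b/lab - tde encryption workshop 2014.sql
@@ -37,8 +37,8 @@ WITH SUBJECT = 'Testing TDE Cert'
 , EXPIRY_DATE = '3/14/2071'; --Future Date
 --SELECT * FROM sys.certificates where name = 'TDECert_enctest_2012'
 GO
-BACKUP SERVICE MASTER KEY --not actually important for TDE, but important overall and should be backed up regardless.
-TO FILE = 'E:\Program Files\Microsoft SQL Server\MSSQL14.SQL2K17\MSSQL\data\SQLServiceMasterKey_20120314.smk'
+BACKUP SERVICE MASTER KEY --not actually important for TDE, but important overall and should be backed up regardless. See also: toolbox\backup service master key.sql
+TO FILE = 'E:\Program Files\Microsoft SQL Server\MSSQL14.SQL2K17\MSSQL\data\SQLServiceMasterKey_20120314.snk'
 ENCRYPTION BY PASSWORD = '$1234testpassword'
 
 BACKUP MASTER KEY --each instance can have its own master key.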
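Review bot: The changed `TO FILE` line on line 41 still writes the service master key backup into the instance's own data directory, and the context line below it protects the file with a password literal in the script. The backup therefore sits on the same volume as the data it is meant to help recover, and its password is readable by anyone who has the script. For a lab file a comment is enough, for example `--lab only: in production write key backups outside the data directory and supply the password at run time`. The hunk opens inside a preceding statement and the final `BACKUP MASTER KEY` statement continues past it, so this covers only the visible lines.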
