“Better safe than sorry.” Back it up, store it with your regular backups (making sure you have the password stored somewhere securely in separate location). Not at all.)īasically I like to follow the golden rule. Setting aside the possibility of someone setting up encryption and not telling you (don’t laugh, I’m betting it’s happened to at least one person reading this) did you know that passwords used in a linked server are encrypted? This means that if you have a disaster and you are using linked servers you had best hope that either the SMK is backed up, or you have all of the passwords used in the linked servers. Now you may be thinking “But I’m not using encryption, why should I worry about this?” Well you may be using encryption and not realize it. So if you are using encryption then you absolutely need to backup this key for DR purposes.īacking up the SMK (Service Master Key) is pretty simple using the BACKUP SERVICE MASTER KEY command: BACKUP SERVICE MASTER KEY TO FILE = 'path_to_file' This means that any certificate or key will be encrypted using, in part, the Service Master Key.
What I do know however, is that the Service Master Key is the top of the encryption chain on an instance. You can use the BACKUP MASTER KEY statement to create those backups.I’m by no means an expert in SQL Server encryption. It is therefore important that you have a good backup of each DMK. It potentially can be required to access all your encrypted data. The Database Master Key is the root of the database encryption hierarchy in SQL Server. And remember to also safe that passphrase, as without it you cannot restore the key. The backup itself should be stored in a secure off-site location. This should, as always when dealing with encryption keys, be a strong and unique passphrase. The second is the password that is used to protect the backup file from prying eyes. This file must not exist, as an existing backup file will cause an error.
The first is part of the TO FILE clause and specifies where the backup will be stored. Like the BACKUP SERVICE MASTER KEY statement, the BACKUP MASTER KEY statement has just two "parameters". Note that the word "database" is omitted from this statement to prevent confusion with the BACKUP DATABASE statement.
0 kommentar(er)
