Skip to content

Latest commit

 

History

History
75 lines (60 loc) · 3.29 KB

restore-service-master-key-transact-sql.md

File metadata and controls

75 lines (60 loc) · 3.29 KB
title description author ms.author ms.date ms.service ms.subservice ms.topic f1_keywords helpviewer_keywords dev_langs
RESTORE SERVICE MASTER KEY (Transact-SQL)
RESTORE SERVICE MASTER KEY (Transact-SQL)
VanMSFT
vanto
03/14/2017
sql
t-sql
reference
RESTORE SERVICE MASTER KEY
RESTORE_SERVICE_MASTER_KEY_TSQL
LOAD SERVICE MASTER KEY
LOAD_SERVICE_MASTER_KEY_TSQL
importing Service Master Keys
copying Service Master Keys
service master key [SQL Server], importing
RESTORE SERVICE MASTER KEY statement
transferring Service Master Keys
TSQL

RESTORE SERVICE MASTER KEY (Transact-SQL)

[!INCLUDE SQL Server]

Imports a service master key from a backup file.

:::image type="icon" source="../../includes/media/topic-link-icon.svg" border="false"::: Transact-SQL syntax conventions

Syntax

RESTORE SERVICE MASTER KEY FROM FILE = 'path_to_file'   
    DECRYPTION BY PASSWORD = 'password' [FORCE]

Arguments

FILE ='path_to_file'
Specifies the complete path, including file name, to the stored service master key. path_to_file can be a local path or a UNC path to a network location.

PASSWORD ='password'
Specifies the password required to decrypt the service master key that is being imported from a file.

FORCE
Forces the replacement of the service master key, even at the risk of data loss.

Remarks

When the service master key is restored, [!INCLUDEssNoVersion] decrypts all the keys and secrets that have been encrypted with the current service master key, and then encrypts them with the service master key loaded from the backup file.

If any one of the decryptions fails, the restore will fail. You can use the FORCE option to ignore errors, but this option will cause the loss of any data that cannot be decrypted.

Caution

The service master key is the root of the [!INCLUDEssNoVersion] encryption hierarchy. The service master key directly or indirectly secures all other keys in the tree. If a dependent key cannot be decrypted during a forced restore, data that is secured by that key will be lost.

Regenerating the encryption hierarchy is a resource-intensive operation. You should schedule this during a period of low demand.

Permissions

Requires CONTROL SERVER permission on the server.

Examples

The following example restores the service master key from a backup file.

RESTORE SERVICE MASTER KEY   
    FROM FILE = 'c:\temp_backups\keys\service_master_key'   
    DECRYPTION BY PASSWORD = '3dH85Hhk003GHk2597gheij4';  
GO

See Also

Service Master Key
ALTER SERVICE MASTER KEY (Transact-SQL)
BACKUP SERVICE MASTER KEY (Transact-SQL)
Encryption Hierarchy