Transparent Data Encryption passwords and keys lost

  • Hello everyone, 

    I support a SQL Server 2008 R2 instance which hosts around 700 databases that are encrypted via TDE. The keys and passwords are lost and we need them to restore the databases onto another instance. Is there any way to recover the password or the keys?

    Is it possible to back up the keys with a new password and use it to restore the databases onto another instance?

    Any guidance will be appreciated. TIA

  • You should be able to back up the certificate that was used to encrypt the databases (which should be stored in the master DB), using a password of your choice, then restore said certificate to the new server, followed by the DBs.

    I'm presuming when you say the "keys and passwords" you're referring to the database master key?

  • lohithkschalam 92184 - Thursday, April 6, 2017 8:36 AM

    Hello everyone, 

    I support a SQL Server 2008 R2 instance which hosts around 700 databases that are encrypted via TDE. The keys and passwords are lost and we need them to restore the databases onto another instance. Is there any way to recover the password or the keys?

    Is it possible to back up the keys with a new password and use it to restore the databases onto another instance?

    Any guidance will be appreciated. TIA

    Take a new backup of the cert from the source server with your own password and then restore this to the target server.
    If the target server does not have a DMK already you'll need to create one, but you don't and indeed shouldn't take it from the source server.

    See my article at this link

    jasona.work - Thursday, April 6, 2017 8:47 AM

    You should be able to back up the certificate that was used to encrypt the databases (which should be stored in the master DB), using a password of your choice, then restore said certificate to the new server, followed by the DBs.

    I'm presuming when you say the "keys and passwords" you're referring to the database master key?

    Database master key from the source server is not required, just the cert itself

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

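The steps described in the replies above, written out as an added T-SQL example that is not part of the original posts. `TdeCert`, `SampleDb`, the file paths and the passwords are placeholders, and the script assumes the certificate's private key is protected by the database master key in `master`.

```sql
-- Added example: placeholder names, paths and passwords throughout.

-- ===== On the SOURCE instance =====
USE master;
GO
-- Map each TDE-encrypted database to the certificate protecting its key.
SELECT DB_NAME(dek.database_id)   AS database_name,
       c.name                     AS certificate_name,
       c.pvt_key_last_backup_date AS private_key_last_backup
FROM sys.dm_database_encryption_keys AS dek
JOIN sys.certificates AS c
  ON c.thumbprint = dek.encryptor_thumbprint;
GO
-- Export the certificate and private key under a password chosen now.
-- Assumes the certificate's private key is protected by the master
-- database's DMK, so no earlier password is requested here.
BACKUP CERTIFICATE TdeCert
TO FILE = 'D:\KeyBackup\TdeCert.cer'
WITH PRIVATE KEY (
    FILE = 'D:\KeyBackup\TdeCert.pvk',
    ENCRYPTION BY PASSWORD = '<new-strong-password>'
);
GO

-- ===== On the TARGET instance =====
USE master;
GO
-- Create a DMK only if the target does not already have one.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<target-dmk-password>';
GO
CREATE CERTIFICATE TdeCert
FROM FILE = 'D:\KeyBackup\TdeCert.cer'
WITH PRIVATE KEY (
    FILE = 'D:\KeyBackup\TdeCert.pvk',
    DECRYPTION BY PASSWORD = '<new-strong-password>'
);
GO
-- Confirm the thumbprint matches the one seen on the source.
SELECT name, thumbprint FROM sys.certificates WHERE name = 'TdeCert';
GO
RESTORE DATABASE SampleDb
FROM DISK = 'D:\Backups\SampleDb.bak'
WITH RECOVERY;
GO
```

Keep the exported `.cer` and `.pvk` files and their password stored separately from the database backups, since together they are enough to restore the encrypted data on any instance.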