We recently implemented TDE on a few of our SQL servers, and I had a question regarding the password for the master key.
One of our servers contains databases that are log shipped from our primary server, and so of course I have the same key and certificates on both servers. If we need to change the password for the master key, I assume we would need to change it on both servers? Is the password actually used by the key for encryptions purposes, or is it just used to restore the key itself?
I've been able to find documentation online for changing the password, but not specific to this scenario. Would it be enough to simply change the password on both machines, or are there other steps that we need to take as part of the process?