TDE - changing master key password

  • We recently implemented TDE on a few of our SQL servers, and I had a question regarding the password for the master key.

    One of our servers contains databases that are log shipped from our primary server, and so of course I have the same key and certificates on both servers. If we need to change the password for the master key, I assume we would need to change it on both servers? Is the password actually used by the key for encryption purposes, or is it just used to restore the key itself?

    I've been able to find documentation online for changing the password, but not specific to this scenario. Would it be enough to simply change the password on both machines, or are there other steps that we need to take as part of the process?


  • The master key password is used to decrypt the master key. If you change the password AND you are decrypting it by password (as opposed to decrypting by the service master key), anything that uses the password (stored procedures, triggers, etc.) will need to be updated.

    You will also need the password if you restore the key from backup unless you change the password when you restore the key.

    The above is all just my opinion on what you should do. 
    As with all advice you find on a random internet forum - you shouldn't blindly follow it. Always test on a test server to see if there are negative side effects before making changes to live!
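One way to carry out the password change the reply describes, as an added T-SQL example that is not from either poster. It assumes the TDE certificate and the database master key (DMK) protecting it live in `master` on each instance, and `'<old password>'` / `'<new password>'` are placeholders.

```sql
-- Added example: rotate the DMK password in master, where TDE's certificate
-- and the DMK that protects its private key live.
-- master is not log shipped, so run this on BOTH the primary and the secondary;
-- each instance has its own copy of the DMK.
-- '<old password>' and '<new password>' are placeholders.
USE master;
GO

-- 1. How is the DMK currently protected? One row per protector.
--    'ENCRYPTION BY SERVICE MASTER KEY' means SQL Server opens it automatically
--    and nothing that relies on the SMK is affected by a password change.
--    'ENCRYPTION BY PASSWORD' rows are what the password change touches.
SELECT ke.crypt_type_desc, ke.thumbprint
FROM sys.key_encryptions AS ke
JOIN sys.symmetric_keys AS sk ON sk.symmetric_key_id = ke.key_id
WHERE sk.name = '##MS_DatabaseMasterKey##';
GO

-- 2. Open the key with the current password, ADD the new password first and
--    only then DROP the old one, so the key is never left without a usable
--    protector. The certificate and TDE encryption keys are not re-encrypted:
--    the password only protects the DMK, not the data.
OPEN MASTER KEY DECRYPTION BY PASSWORD = '<old password>';
ALTER MASTER KEY ADD ENCRYPTION BY PASSWORD = '<new password>';
ALTER MASTER KEY DROP ENCRYPTION BY PASSWORD = '<old password>';
CLOSE MASTER KEY;
GO

-- 3. Re-run the query from step 1: the old password's row is gone and the
--    new one is present. Any script that opens the key by password (the
--    stored procedures and triggers the reply mentions) must now use the new one.
```

If step 1 shows only the service-master-key row, the DMK is opened by the SMK and the password change matters only for `RESTORE MASTER KEY` or an explicit `OPEN MASTER KEY DECRYPTION BY PASSWORD`.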
