Skip to content

restore-the-service-master-key.md

Latest commit

 

History

History
74 lines (50 loc) · 3.19 KB

restore-the-service-master-key.md

File metadata and controls

74 lines (50 loc) · 3.19 KB
title Restore the Service Master Key | Microsoft Docs
ms.custom
ms.date 06/13/2017
ms.prod sql-server-2014
ms.reviewer
ms.technology security
ms.topic conceptual
helpviewer_keywords
service master key [SQL Server], importing
service master key [SQL Server], restoring
ms.assetid 14bdbbbe-d384-4692-b670-4243d2466fe1
author jaszymas
ms.author jaszymas
manager craigg

Restore the Service Master Key

This topic describes how to restore the service master key in [!INCLUDEssCurrent] by using [!INCLUDEtsql].

Warning

It is unlikely that you will ever need to restore the service master key. If you do, you should proceed with extreme caution. For more information, see Back Up the Service Master Key.

In This Topic

Before You Begin

Limitations and Restrictions

  • When the service master key is restored, [!INCLUDEssNoVersion] decrypts all the keys and secrets that have been encrypted with the current service master key, and then encrypts them with the service master key loaded from the backup file.

  • If any one of the decryptions fails, the restore will fail. You can use the FORCE option to ignore errors, but this option will cause the loss of any data that cannot be decrypted.

  • Regenerating the encryption hierarchy is a resource-intensive operation. You should schedule this during a period of low demand.

Caution

The service master key is the root of the [!INCLUDEssNoVersion] encryption hierarchy. The service master key directly or indirectly secures all other keys in the tree. If a dependent key cannot be decrypted during a forced restore, data that is secured by that key will be lost.

Security

Permissions

Requires CONTROL SERVER permission on the server.

Using Transact-SQL

To restore the service master key

  1. Retrieve a copy of the backed-up service master key, either from a physical backup medium or a directory on the local file system.

  2. In Object Explorer, connect to an instance of [!INCLUDEssDE].

  3. On the Standard bar, click New Query.

  4. Copy and paste the following example into the query window and click Execute.

    -- Restores the service master key from a backup file.  
RESTORE SERVICE MASTER KEY   
    FROM FILE = 'c:\temp_backups\keys\service_master_key'   
    DECRYPTION BY PASSWORD = '3dH85Hhk003GHk2597gheij4';  
GO

    [!NOTE]
    The file path to the key and the key's password (if it exists) will be different than what is indicated above. Please make sure that both are specific to your server and key set-up.