Please create a master key in the database or open the master key in the session before performing this operation

Ade Darby 5 Reputation points
2025-03-21T14:18:06.8333333+00:00

Why would I get this error in an Azure DataFactory dataflow when running a query against an Azure Synapse lake database?

Operation on target xxx_xxx_xxx failed:

{"StatusCode":"DFExecutorUserError","Message":"Job failed due to reason: at Source '###':

Please create a master key in the database or open the master key in the session before performing this operation.",

"Details":"shaded.msdataflow.com.microsoft.sqlserver.jdbc.SQLServerException:

Please create a master key in the database or open the master key in the session before performing this operation.

\n\tat shaded.msdataflow.com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError(SQLServerException.

java:265)\n\tat shaded.msdataflow.com.microsoft.sqlserver.jdbc.SQLServerStatement.getNextResult

(SQLServerStatement.java:1673)\n\tat shaded.msdataflow.com.microsoft.sqlserver.jdbc.SQLServerStatement.

doExecuteStatement(SQLServerStatement.java:907)\n\tat shaded.msdataflow.com.microsoft.sqlserver.jdbc.

SQLServerStatement$StmtExecCmd.doExecute(SQLServerStatement.java:802)\n\tat

shaded.msdataflow.com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:7627)\n\tat

shaded.msdataflow.com.microsoft.sqlserver.jdbc.SQLServerConnection.

executeCommand(SQLServerConnection.java:3912)\n\tat shaded.msdataflow.com.microsoft.

sqlserver.jdbc.SQLServerStatement.executeCommand(SQLServerStatement.java:268)\n\tat

shaded.msdataflow.com.microsoft.sqlserver.j"}

Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
11,627 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Chandra Boorla 14,585 Reputation points Microsoft External Staff Moderator
    2025-03-21T16:38:34.2933333+00:00

    @Ade Darby

    The error you are encountering indicates that the database master key needed for cryptographic operations is either missing or not accessible in the session when running your query against the Azure Synapse Lake database. This master key is essential for encrypting or decrypting sensitive data.

    Steps that help you to resolve the issue:

    Check if the master key exists - Run the following SQL query in Synapse:

    SELECT * FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##'; 
    

    If no results are returned, create the master key:

    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'YourSecurePassword123!'; 
    

    Ensure the master key is opened in the session - If the master key exists, modify your query to include:

    OPEN MASTER KEY DECRYPTION BY PASSWORD = 'YourSecurePassword123!'; 
    

    Verify your database scoped credentials - If your query accesses external tables, check if the required credentials exist:

    SELECT * FROM sys.database_scoped_credentials; 
    

    If missing, recreate them using:

    CREATE DATABASE SCOPED CREDENTIAL MyCredential WITH IDENTITY = 'Managed Identity';
    

    Ensure Synapse Managed Identity has access - If your query involves Azure Data Lake Storage, ensure your Synapse workspace managed identity has the Storage Blob Data Reader role on the storage account.

    Security Note - Be cautious with the password you use for the master key. It should be stored securely and not hardcoded in scripts or applications.

    Once you have made sure the master key is properly created and opened, your operation should proceed without the error. If you continue to have issues, feel free to reach out for further assistance.

    Please refer to the similar thread below which will help you to get some useful insights.

    Additionally, please refer the Microsoft documentation.

    I hope this information helps. Please do let us know if you have any further queries.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.