Lost Database encryption (TDE) password, How to recover?

Raveendar Oddi 26 Reputation points
2022-02-03T09:21:22.123+00:00

Hi ,

Our DBA lost the password of the certificate with which our database was encrypted. We've to migrate the database to latest.
How can I recover? If I create a new on can I apply new cert to the DB?
Can I disable the TDE, then backup and restore then Encrypt? Is it possible and impact?

Thanks !

SQL Server Migration Assistant
SQL Server Migration Assistant
A Microsoft tool designed to automate database migration to SQL Server from Access, DB2, MySQL, Oracle, and SAP ASE.
569 questions
0 comments No comments
{count} votes

Accepted answer
  1. YufeiShao-msft 7,146 Reputation points
    2022-02-04T06:40:26.867+00:00

    Hi @Raveendar Oddi ,

    The best option are to either restore the certificate from a backup, or restore your master database and its master key
    In any case, you're going to have to make key/certificate backups

    backup your Service Master Key from the original Server and restore this onto the target Server
    restore the master database over the existing one to recover the TDE certificate as long as you use the same service account on the new system.

    backup the cert from source server (Source encryptedserver) :

    BACKUP CERTIFICATE vestacert  
    TO FILE = 'c:\Backup\certificate_TDE_Test_Certificate.cer'  
    WITH PRIVATE KEY  
    (FILE = 'c:\Backup\certificate_TDE_Test_Key.pvk',  
    ENCRYPTION BY PASSWORD = 'Password12#')  
    

    https://dba.stackexchange.com/questions/34753/can-i-recover-a-tde-certificate-by-restoring-the-master-database
    Recovering a TDE protected database without the Certificate
    Lost Password for Data Encryption

    -------------

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.