What does recover the service master key mean?

Fbhyyta 1 Reputation point
2022-08-24T14:29:00.257+00:00

Link: https://learn.microsoft.com/en-us/sql/t-sql/statements/alter-service-master-key-transact-sql?view=sql-server-ver16#_changing

If the computer is rebuilt, the same domain user that was previously used by the service account can recover the service master key.

In the above quote, does recover mean be able to decrypt or be able to execute the restore from backup SMK?

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,627 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Erland Sommarskog 100.8K Reputation points MVP
    2022-08-24T21:51:09.427+00:00

    I take it that it means decrypt. Further below is says:

    f you move SQL to another machine, then you have to use the same service account to decrypt the SMK - SQL Server will fix the Machine account encryption automatically.

    0 comments No comments

  2. PandaPan-MSFT 1,901 Reputation points
    2022-08-25T05:28:00.827+00:00

    Hi @Fbhyyta ,
    I agree with @Erland Sommarskog , I also think that the sentence means decrypt. Cuz When restoring the service master key, SQL Server decrypts all keys and secrets that have been encrypted with the current service master key, and then encrypts them with the service master key loaded from the backup archive. If any of the decryption fails, the restore fails. You can take advantage of the FORCE option to omit errors, but this option causes all data that cannot be decrypted to be lost. The quote doesn’t mention anything about the consequence of failure. So I take it as the decrypt.

    Best regards


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment"