sys.master_key_passwords (Transact-SQL)

Returns a row for each database master key password added by using the sp_control_dbmasterkey_password stored procedure. The passwords that are used to protect the master keys are stored in the credential store. The credential name follows this format: ##DBMKEY_<database_family_guid>_<random_password_guid>##. The password is stored as the credential secret. For each password added by using sp_control_dbmasterkey_password, there is a row in sys.credentials.

Each row in this view shows a credential_id and the family_guid of a database the master key of which is protected by the password associated with that credential. A join with sys.credentials on the credential_id will return useful fields, such as the create_date and credential name.

Column name

Data type




ID of the credential to which the password belongs. This ID is unique within the server instance.



Unique ID of the original database at creation. This GUID remains the same after the database is restored or attached, even if the database name is changed.

If automatic decryption by the service master key fails, SQL Server uses the family_guid to identify credentials that may contain the password used to protect the database master key.


In SQL Server 2005 and later versions, the visibility of the metadata in catalog views is limited to securables that a user either owns or on which the user has been granted some permission. For more information, see Metadata Visibility Configuration.