sys.key_encryptions (Transact-SQL)
Applies to: 
SQL Server
Azure SQL Database
Azure SQL Managed Instance
Returns a row for each symmetric key encryption specified by using the ENCRYPTION BY clause of the CREATE SYMMETRIC KEY statement.
| Column names | Data types | Description |
|---|---|---|
| key_id | int | ID of the encrypted key. |
| thumbprint | varbinary(32) | SHA-1 hash of the certificate with which the key is encrypted, or the GUID of the symmetric key with which the key is encrypted. |
| crypt_type | char(4) | Type of encryption: ESKS = Encrypted by symmetric key ESKP, ESP2, or ESP3 = Encrypted by password EPUC = Encrypted by certificate EPUA = Encrypted by asymmetric key ESKM = Encrypted by master key |
| crypt_type_desc | nvarchar(60) | Description of encryption type: ENCRYPTION BY SYMMETRIC KEY ENCRYPTION BY PASSWORD (Beginning with SQL Server 2017 (14.x), includes a version number for use by CSS.) ENCRYPTION BY CERTIFICATE ENCRYPTION BY ASYMMETRIC KEY ENCRYPTION BY MASTER KEY Note: Windows DPAPI is used to protect the service master key. |
| crypt_property | varbinary(max) | Signed or encrypted bits. |
Permissions
The visibility of the metadata in catalog views is limited to securables that a user either owns, or on which the user was granted some permission. For more information, see Metadata Visibility Configuration.
See Also
Catalog Views (Transact-SQL)
Security Catalog Views (Transact-SQL)
Encryption Hierarchy
CREATE SYMMETRIC KEY (Transact-SQL)