Dela via


sys.master_key_passwords (Transact-SQL)

Returns a row for each database master key password added by using the sp_control_dbmasterkey_password stored procedure. The passwords that are used to protect the master keys are stored in the credential store. The credential name follows this format: ##DBMKEY_<database_family_guid>_<random_password_guid>##. The password is stored as the credential secret. For each password added by using sp_control_dbmasterkey_password, there is a row in sys.credentials.

Each row in this view shows a credential_id and the family_guid of a database the master key of which is protected by the password associated with that credential. A join with sys.credentials on the credential_id will return useful fields, such as the create_date and credential name.

Column name

Data type

Description

credential_id

int

ID of the credential to which the password belongs. This ID is unique within the server instance.

family_guid

uniqueidentifier

Unique ID of the original database at creation. This GUID remains the same after the database is restored or attached, even if the database name is changed.

If automatic decryption by the service master key fails, SQL Server uses the family_guid to identify credentials that may contain the password used to protect the database master key.

Permissions

The visibility of the metadata in catalog views is limited to securables that a user either owns or on which the user has been granted some permission. For more information, see Metadata Visibility Configuration.

See Also

Reference

Catalog Views (Transact-SQL)

sp_control_dbmasterkey_password (Transact-SQL)

Security Catalog Views (Transact-SQL)

CREATE SYMMETRIC KEY (Transact-SQL)

Concepts

Encryption Hierarchy