Dela via

sys.column_master_keys (Transact-SQL)

Applies to: SQL Server 2016 (13.x) and later Azure SQL Database Azure SQL Managed Instance

Returns a row for each database master key added by using the CREATE MASTER KEY statement. Each row represents a single column master key (CMK).

Column name Data type Description
name sysname The name of the CMK.
column_master_key_id int ID of the column master key.
create_date datetime Date the column master key was created.
modify_date datetime Date the column master key was last modified.
key_store_provider_name sysname Name of the provider for the column master key store that contains the CMK. Allowed values are:

MSSQL_CERTIFICATE_STORE - If the column master key store is a Certificate Store.

A user-defined value, if the column master key store is of a custom type.
key_path nvarchar(4000) A column master key store-specific path of the key. The format of the path depends on the column master key store type. Example:


For a custom column master key store, the developer is responsible for defining what a key path is for the custom column master key store.
allow_enclave_computations bit Indicates if the column master key is enclave-enabled, (if column encryption keys, encrypted with this master key, can be used for computations inside server-side secure enclaves). For more information, see Always Encrypted with secure enclaves.
signature varbinary(max) A digital signature of key_path and allow_enclave_computations, produced using the column master key, referenced by key_path.


Requires the VIEW ANY COLUMN MASTER KEY permission.

The visibility of the metadata in catalog views is limited to securables that a user either owns, or on which the user was granted some permission. For more information, see Metadata Visibility Configuration.

See Also

Security Catalog Views (Transact-SQL)
sys.column_encryption_key_values (Transact-SQL)
Always Encrypted
Overview of Key Management for Always Encrypted
Manage keys for Always Encrypted with secure enclaves