MasterKey Class

The MasterKey object represents a SQL Server database master key.

Namespace:  Microsoft.SqlServer.Management.Smo
Assembly:  Microsoft.SqlServer.Smo (in Microsoft.SqlServer.Smo.dll)

Syntax

'Declaration
Public NotInheritable Class MasterKey _
    Inherits SqlSmoObject _
    Implements IDroppable
'Usage
Dim instance As MasterKey

public sealed class MasterKey : SqlSmoObject, 
    IDroppable

public ref class MasterKey sealed : public SqlSmoObject, 
    IDroppable

[<SealedAttribute>]
type MasterKey =  
    class
        inherit SqlSmoObject
        interface IDroppable
    end

public final class MasterKey extends SqlSmoObject implements IDroppable

Remarks

A database master key is used to symmetrically encrypt keys and certificates that are stored in the database. A database master key can be encrypted by using the service master key or by using a user-specified password. When a database master key is created, a password must be supplied to encrypt and decrypt it.

When a database is attached to an instance of SQL Server, the database administrator must either supply the master key password or make an unencrypted copy of the master key that is available for encryption with the service master key.

The service master key is the top layer in the encryption hierarchy that is used to encrypt lower layers in the encryption hierarchy. The service master key is generated automatically by Windows. It can be opened only by the Windows service account under which it was created, or by a user who knows both the service account name and its password.

To get MasterKey object properties, users can be a member of the public fixed server role.

To set MasterKey object properties, users must have CONTROL permission on the database or be a member of the db_owner fixed database role.

To create or drop a master key, users must have CONTROL permission on the database or be a member of the db_owner fixed database role.

To open or regenerate a master key, users must have CONTROL permission on the database or be a member of the db_owner fixed database role.

To add or drop service key encryption, users must have CONTROL permission on the database or be a member of the db_owner fixed database role.

To drop a master key, users can be a member of the public fixed server role.

Inheritance Hierarchy

System.Object
  Microsoft.SqlServer.Management.Smo.SmoObjectBase
    Microsoft.SqlServer.Management.Smo.SqlSmoObject
      Microsoft.SqlServer.Management.Smo.MasterKey

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

See Also

Reference

MasterKey Members

Microsoft.SqlServer.Management.Smo Namespace

Other Resources

Encryption Hierarchy

CREATE MASTER KEY (Transact-SQL)