设置加密的镜像数据库Set Up an Encrypted Mirror Database

适用于:Applies to: 是SQL ServerSQL Server(所有支持的版本)yesSQL ServerSQL Server (all supported versions) 适用于:Applies to: 是SQL ServerSQL Server(所有支持的版本)yesSQL ServerSQL Server (all supported versions)

若要对镜像数据库的数据库主密钥启用自动解密,必须提供用于加密该镜像服务器实例的主密钥的口令。To enable automatic decryption of the database master key of a mirror database, you must provide the password used to encrypt the master key to the mirror server instance. SQL Server 2005 (9.x)SQL Server 2005 (9.x) 和更高版本包括传输密码的机制。and later versions include mechanisms to transfer the password. 在开始数据库镜像之前,请使用 sp_control_dbmasterkey_password 为数据库主密钥创建一个凭据。Use sp_control_dbmasterkey_password to create a credential for the database master key before you start database mirroring. 必须为要镜像的每个数据库重复此过程。You must repeat this process for every database that will be mirrored. 有关详细信息,请参阅 sp_control_dbmasterkey_password (Transact-SQL)For more information, see sp_control_dbmasterkey_password (Transact-SQL).

注意

对于 sa 和其他特权级别高的服务器主体无法访问的数据库,不要启用其故障转移解密功能。Do not enable failover decryption of a database that must remain inaccessible to sa and other highly privileged server principals. 可以对数据库进行配置,以便服务主密钥无法对其密钥层次结构进行解密。You can configure a database so that its key hierarchy cannot be decrypted by the service master key. 对于包含 sa 或其他高特权服务器主体不应访问的信息的数据库来说,此选项是一项深层防御措施。This option is supported as a defense-in-depth for databases that contain information that should not be accessible to sa or other highly privileged server principals. 为此类数据库启用故障转移解密将解除此深层防御措施,使 sa 和其他高特权服务器主体能够解密该数据库。Enabling failover decryption of such a database removes this defense-in-depth, enabling sa and other highly privileged server principals to decrypt the database.

另请参阅See Also

sp_control_dbmasterkey_password (Transact-SQL) sp_control_dbmasterkey_password (Transact-SQL)
CREATE MASTER KEY (Transact-SQL) CREATE MASTER KEY (Transact-SQL)
ALTER MASTER KEY (Transact-SQL) ALTER MASTER KEY (Transact-SQL)
加密层次结构 Encryption Hierarchy
设置数据库镜像 (SQL Server)Setting Up Database Mirroring (SQL Server)