sys.dm_database_encryption_keys (Transact-SQL)sys.dm_database_encryption_keys (Transact-SQL)

适用对象:是SQL Server 是Azure SQL 数据库 否Azure Synapse Analytics (SQL DW) 否并行数据仓库APPLIES TO: yesSQL Server yesAzure SQL Database noAzure Synapse Analytics (SQL DW) noParallel Data Warehouse

返回与数据库加密状态以及相关联数据库加密密钥有关的信息。Returns information about the encryption state of a database and its associated database encryption keys. 有关数据库加密的详细信息,请参阅透明数据加密 (TDE)For more information about database encryption, see Transparent Data Encryption (TDE).

列名Column Name 数据类型Data Type 描述Description
database_iddatabase_id intint 数据库 ID。ID of the database.
encryption_stateencryption_state intint 指示数据库是加密的还是未加密的。Indicates whether the database is encrypted or not encrypted.

0 = 不存在数据库加密密钥,未加密0 = No database encryption key present, no encryption

1 = 未加密1 = Unencrypted

2 = 正在进行加密2 = Encryption in progress

3 = 已加密3 = Encrypted

4 = 正在更改密钥4 = Key change in progress

5 = 正在进行解密5 = Decryption in progress

6 = 正在进行保护更改(正在更改对数据库加密密钥进行加密的证书或非对称密钥)。6 = Protection change in progress (The certificate or asymmetric key that is encrypting the database encryption key is being changed.)
create_datecreate_date datetimedatetime 显示的日期 (采用 UTC) 加密密钥的创建。Displays the date (in UTC) the encryption key was created.
regenerate_dateregenerate_date datetimedatetime 显示的日期 (采用 UTC) 重新生成加密密钥。Displays the date (in UTC) the encryption key was regenerated.
modify_datemodify_date datetimedatetime 显示的日期 (采用 UTC) 加密密钥的修改。Displays the date (in UTC) the encryption key was modified.
set_dateset_date datetimedatetime 显示的日期 (采用 UTC) 的加密密钥已应用到数据库。Displays the date (in UTC) the encryption key was applied to the database.
opened_dateopened_date datetimedatetime 打开数据库密钥进行最后一次 (采用 UTC) 后会显示。Shows when (in UTC) the database key was last opened.
key_algorithmkey_algorithm nvarchar(32)nvarchar(32) 显示用于密钥的算法。Displays the algorithm that is used for the key.
key_lengthkey_length intint 显示密钥的长度。Displays the length of the key.
encryptor_thumbprintencryptor_thumbprint varbinary(20)varbinary(20) 显示加密程序的指纹。Shows the thumbprint of the encryptor.
encryptor_typeencryptor_type nvarchar(32)nvarchar(32) 适用范围SQL ServerSQL ServerSQL Server 2012 (11.x)SQL Server 2012 (11.x)当前版本)。Applies to: SQL ServerSQL Server (SQL Server 2012 (11.x)SQL Server 2012 (11.x) through current version).

描述加密程序。Describes the encryptor.
percent_completepercent_complete realreal 数据库加密状态更改的完成百分比。Percent complete of the database encryption state change. 如果未发生状态更改,则为 0。This will be 0 if there is no state change.
encryption_state_descencryption_state_desc nvarchar(32)nvarchar(32) 适用于SQL Server 2019 (15.x)SQL Server 2019 (15.x) 及更高版本。Applies to: SQL Server 2019 (15.x)SQL Server 2019 (15.x) and later.

指示数据库是否是加密或未加密的字符串。String that indicates whether the database is encrypted or not encrypted.

NONE

未加密UNENCRYPTED

加密ENCRYPTED

DECRYPTION_IN_PROGRESSDECRYPTION_IN_PROGRESS

ENCRYPTION_IN_PROGRESSENCRYPTION_IN_PROGRESS

KEY_CHANGE_IN_PROGRESSKEY_CHANGE_IN_PROGRESS

PROTECTION_CHANGE_IN_PROGRESSPROTECTION_CHANGE_IN_PROGRESS
encryption_scan_stateencryption_scan_state intint 适用于SQL Server 2019 (15.x)SQL Server 2019 (15.x) 及更高版本。Applies to: SQL Server 2019 (15.x)SQL Server 2019 (15.x) and later.

指示加密扫描的当前状态。Indicates the current state of the encryption scan.

0 = 否启动扫描,不会启用 TDE0 = No scan has been initiated, TDE is not enabled

1 = 正在进行扫描。1 = Scan is in progress.

2 = 扫描正在进行,但已挂起,用户可以恢复。2 = Scan is in progress but has been suspended, user can resume.

3 = 已成功完成扫描、 启用了 TDE 和加密已完成。3 = Scan has been successfully completed, TDE is enabled and encryption is complete.

4 = 扫描已中止出于某种原因,则需要手动干预。4 = Scan was aborted for some reason, manual intervention is required. 获取更多帮助,请与 Microsoft 支持部门联系。Contact Microsoft Support for more assistance.
encryption_scan_state_descencryption_scan_state_desc nvarchar(32)nvarchar(32) 适用于SQL Server 2019 (15.x)SQL Server 2019 (15.x) 及更高版本。Applies to: SQL Server 2019 (15.x)SQL Server 2019 (15.x) and later.

指示加密扫描的当前状态的字符串。String that indicates the current state of the encryption scan.

NONE

RUNNINGRUNNING

SUSPENDEDSUSPENDED

完成COMPLETE

ABORTEDABORTED
encryption_scan_modify_dateencryption_scan_modify_date datetimedatetime 适用于SQL Server 2019 (15.x)SQL Server 2019 (15.x) 及更高版本。Applies to: SQL Server 2019 (15.x)SQL Server 2019 (15.x) and later.

显示的日期 (采用 UTC) 的加密扫描状态上次修改。Displays the date (in UTC) the encryption scan state was last modified.

权限Permissions

SQL ServerSQL Server,需要VIEW SERVER STATE权限。On SQL ServerSQL Server, requires VIEW SERVER STATE permission.
SQL 数据库SQL Database高级层,需要VIEW DATABASE STATE数据库中的权限。On SQL 数据库SQL Database Premium Tiers, requires the VIEW DATABASE STATE permission in the database. SQL 数据库SQL Database标准版和基本层,需要服务器管理员Azure Active Directory 管理员帐户。On SQL 数据库SQL Database Standard and Basic Tiers, requires the Server admin or an Azure Active Directory admin account.

请参阅See Also

与安全性相关的动态管理视图和函数 (Transact-SQL) Security-Related Dynamic Management Views and Functions (Transact-SQL)
透明数据加密 (TDE) Transparent Data Encryption (TDE)
SQL Server 加密 SQL Server Encryption
SQL Server 和数据库加密密钥(数据库引擎) SQL Server and Database Encryption Keys (Database Engine)
加密层次结构 Encryption Hierarchy
ALTER DATABASE SET 选项 (Transact-SQL) ALTER DATABASE SET Options (Transact-SQL)
CREATE DATABASE ENCRYPTION KEY (Transact-SQL) CREATE DATABASE ENCRYPTION KEY (Transact-SQL)
ALTER DATABASE ENCRYPTION KEY (Transact-SQL) ALTER DATABASE ENCRYPTION KEY (Transact-SQL)
DROP DATABASE ENCRYPTION KEY (Transact-SQL)DROP DATABASE ENCRYPTION KEY (Transact-SQL)