DROP DATABASE ENCRYPTION KEY (Transact-SQL)

SQL Server 2008 Books Online (June 2009)

Drops a database encryption key that is used in transparent database encryption. For more information about transparent database encryption, see Understanding Transparent Data Encryption (TDE).

Transact-SQL Syntax Conventions

 Syntax

DROP DATABASE ENCRYPTION KEY

 Remarks

If the database is encrypted, you must first remove encryption from the database by using the ALTER DATABASE statement. Wait for decryption to complete before removing the database encryption key. For more information about the ALTER DATABASE statement, see ALTER DATABASE SET Options (Transact-SQL). To view the state of the database, use the sys.dm_database_encryption_keys dynamic management view. For more information, see sys.dm_database_encryption_keys (Transact-SQL).

 Permissions

Requires CONTROL permission on the database.

 Examples

A. Dropping a Database Encryption Key

The following example removes the database encryption and drops the database encryption key.

ALTER DATABASE AdventureWorks
SET ENCRYPTION OFF;
GO
/* Wait for decryption operation to complete, look for a 
value of  1 in the query below. */
SELECT encryption_state
FROM sys.dm_database_encryption_keys;
GO
USE AdventureWorks
GO
DROP DATABASE ENCRYPTION KEY;
GO

 See Also

Reference

ALTER DATABASE SET Options (Transact-SQL)
CREATE DATABASE ENCRYPTION KEY (Transact-SQL)
ALTER DATABASE ENCRYPTION KEY (Transact-SQL)
sys.dm_database_encryption_keys (Transact-SQL)

Other Resources

Understanding Transparent Data Encryption (TDE)
SQL Server Encryption
SQL Server and Database Encryption Keys (Database Engine)
Encryption Hierarchy

Help and Information

Getting SQL Server 2008 Assistance