Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Setting Up an Encrypted Mirror Database

To enable automatic decryption of the database master key of a mirror database, you must provide the password used to encrypt the master key to the mirror server instance. SQL Server 2005 includes mechanisms to transfer the password. Use sp_control_dbmasterkey_password to create a credential for the database master key before you start database mirroring. You must repeat this process for every database that will be mirrored. For more information, see sp_control_dbmasterkey_password (Transact-SQL).

ms188292.Caution(en-US,SQL.90).gifCaution:
Do not enable failover decryption of a database that must remain inaccessible to sa and other highly privileged server principals. You can configure a database so that its key hierarchy cannot be decrypted by the service master key. This option is supported as a defense-in-depth for databases that contain information that should not be accessible to sa or other highly privileged server principals. Enabling failover decryption of such a database removes this defense-in-depth, enabling sa and other highly privileged server principals to decrypt the database.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.