BACKUP MASTER KEY (Transact-SQL)

SQL Server 2005 Books Online (November 2008)

Exports the database master key.

Transact-SQL Syntax Conventions

 Syntax

BACKUP MASTER KEY TO FILE = 'path_to_file' 
    ENCRYPTION BY PASSWORD = 'password'

 Arguments

FILE = 'path_to_file'

Specifies the complete path, including file name, to the file to which the master key will be exported. This may be a local path or a UNC path to a network location.

PASSWORD = 'password'

Is the password used to encrypt the master key in the file. This password is subject to complexity checks. For more information, see Password Policy.

 Remarks

The master key must be open and, therefore, decrypted before it is backed up. If it is encrypted with the service master key, the master key does not have to be explicitly opened. But if the master key is encrypted only with a password, it must be explicitly opened.

We recommend that you back up the master key as soon as it is created, and store the backup in a secure, off-site location.

 Permissions

Requires CONTROL permission on the database.

 Examples

The following example creates a backup of the AdventureWorks master key. Because this master key is not encrypted by the service master key, a password must be specified when it is opened.

USE AdventureWorks;
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'sfj5300osdVdgwdfkli7';
BACKUP MASTER KEY TO FILE = 'c:\temp\exportedmasterkey' 
    ENCRYPTION BY PASSWORD = 'sd092735kjn$&adsg';
GO 

 See Also

Reference

CREATE MASTER KEY (Transact-SQL)
OPEN MASTER KEY (Transact-SQL)
CLOSE MASTER KEY (Transact-SQL)
RESTORE MASTER KEY (Transact-SQL)
ALTER MASTER KEY (Transact-SQL)
DROP MASTER KEY (Transact-SQL)

Other Resources

Encryption Hierarchy

Help and Information

Getting SQL Server 2005 Assistance