THE SQL Server Blog Spot on the Web


Buck Woody

Carpe Datum!

Have you backed up your keys lately?

Did you know that you already have a Server Master Key (SMK) generated for your system? That’s right – while a Database Master Key (DMK) is generated when you encrypt a certificate or Asymmetric Key with code, the Server Master Key is generated automatically when you start the Instance.

So you should back all of those keys up periodically, and then store that backup AWAY from the server itself.

There are two reasons for this. First, if the drives get stolen and you’re storing the key backup there, it should be obvious why that’s bad. Second, you want to protect the keys in case the system is destroyed or you can’t recover the drives. If you have encrypted anything in the database, you will need those keys to get the data back.

More here: http://technet.microsoft.com/en-us/library/bb964742.aspx 

No, the standard Maintenance Wizards don’t get this data. And no, I haven’t seen it addressed in most of the maintenance scripts out there anyway – sometimes for good reason, but this means you need to take care of it manually, and then document where you put that backup.
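A manual key backup of the kind described above, as an added T-SQL example (not the author's script). The instance-level statement is `BACKUP SERVICE MASTER KEY`; the staging path, passwords and database name are placeholders, and the temp table `#dmk` is a name chosen for this example.

```sql
-- Added example. Paths, passwords and <database_name> are placeholders.
-- Write to a staging folder, then move the files OFF this server.

-- 1. Instance-level key: one per instance.
BACKUP SERVICE MASTER KEY
    TO FILE = N'X:\KeyBackupStaging\smk_instance.key'
    ENCRYPTION BY PASSWORD = N'<strong-password-1>';
GO

-- 2. Inventory: which databases have a Database Master Key?
--    sys.symmetric_keys is per database, so query each online database.
CREATE TABLE #dmk (
    database_name sysname,
    create_date   datetime,
    modify_date   datetime
);

DECLARE @sql nvarchar(max) = N'';
SELECT @sql += N'INSERT #dmk SELECT N' + QUOTENAME(name, '''')
             + N', create_date, modify_date FROM ' + QUOTENAME(name)
             + N'.sys.symmetric_keys'
             + N' WHERE name = N''##MS_DatabaseMasterKey##'';'
FROM sys.databases
WHERE state_desc = N'ONLINE';

EXEC sys.sp_executesql @sql;

SELECT database_name, create_date, modify_date
FROM #dmk
ORDER BY database_name;

DROP TABLE #dmk;
GO

-- 3. Repeat for every database listed in step 2.
USE [<database_name>];
-- Only needed when the DMK is not encrypted by the service master key:
-- OPEN MASTER KEY DECRYPTION BY PASSWORD = N'<dmk-password>';
BACKUP MASTER KEY
    TO FILE = N'X:\KeyBackupStaging\dmk_database_name.key'
    ENCRYPTION BY PASSWORD = N'<strong-password-2>';
GO
```

Keep the backup passwords somewhere other than the key files themselves, and record both locations in your recovery documentation.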

Published Monday, March 01, 2010 7:06 AM by BuckWoody


Comments

 

Uri Dimant said:

Hi Buck

If I am not storing/using encrypted data in the database, should I still back up the SMK? Can you point me to some real-world experience where restoring the SMK helped to access non-encrypted data?

Thanks

March 1, 2010 10:57 AM
 

 

BuckWoody said:

Always a good idea to have your keys backed up!

March 1, 2010 11:34 AM


About BuckWoody

http://buckwoody.com/BResume.html
