Sql-server – Backup and restore SQL Server database with encrypted columns: what should I backup along with database

always-encryptedsql server

Assume I've backed up a SQL Server database with Management Studio, and that database have some encrypted columns. Now I want to restore this database into another fresh-enrolled MSSQL server. To use encrypted columns I had to:

  1. Create database master key;
  2. Create certificate;
  3. Create symmetric key.

Which of those are stored along with backup, and which I should backup manually and restore on the other server manually as well? I see there is SQL statements backup master key, restore master key, backup certificate, create certificate ... from file. So, along with database itself, there are:

  1. Master key;
  2. Master key password;
  3. Certificate;
  4. Certificate private key;
  5. Symmetric key.

So what (and how) should I deal with when I restore my database on a fresh server? Thank you!

Best Answer

You are using column encryption. This is not always-encrypted. When you backup your data base and restore it, you only need to recover the master key. Anything else will be restored through the backup file.

You can restore the master key with this command:

USE [Your_DB_Name]
GO

OPEN MASTER KEY DECRYPTION BY PASSWORD = 'Your_MasterKey_Password'
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY
CLOSE MASTER KEY
Related Question