Changes the properties of a credential.
[!IMPORTANT] “Should do” info as best practice; “must do” to complete task Transact-SQL Syntax Conventions
ALTER CREDENTIAL credential_name WITH IDENTITY = 'identity_name'
[ , SECRET = 'secret' ]
credential_name
Specifies the name of the credential that is being altered.
IDENTITY =’identity_name’
Specifies the name of the account to be used when connecting outside the server.
SECRET =’secret’
Specifies the secret required for outgoing authentication. secret is optional.
[!IMPORTANT] Azure SQL Database only supports Azure Key Vault and Shared Access Signature identities. Windows user identities are not supported.
When a credential is changed, the values of both identity_name and secret are reset. If the optional SECRET argument is not specified, the value of the stored secret will be set to NULL.
The secret is encrypted by using the service master key. If the service master key is regenerated, the secret is reencrypted by using the new service master key.
Information about credentials is visible in the sys.credentials catalog view.
Requires ALTER ANY CREDENTIAL permission. If the credential is a system credential, requires CONTROL SERVER permission.
The following example changes the secret stored in a credential called Saddles
. The credential contains the Windows login RettigB
and its password. The new password is added to the credential using the SECRET clause.
ALTER CREDENTIAL Saddles WITH IDENTITY = 'RettigB',
SECRET = 'sdrlk8$40-dksli87nNN8';
GO
The following example removes the password from a credential named Frames
. The credential contains Windows login Aboulrus8
and a password. After the statement is executed, the credential will have a NULL password because the SECRET option is not specified.
ALTER CREDENTIAL Frames WITH IDENTITY = 'Aboulrus8';
GO
Credentials (Database Engine)
CREATE CREDENTIAL (Transact-SQL)
DROP CREDENTIAL (Transact-SQL)
ALTER DATABASE SCOPED CREDENTIAL (Transact-SQL)
CREATE LOGIN (Transact-SQL)
sys.credentials (Transact-SQL)