ALTER CREDENTIAL (Transact-SQL)

**APPLIES TO:** ![yes](media/yes.png)SQL Server (starting with 2008) ![yes](media/yes.png)Azure SQL Database (Managed Instance only) ![no](media/no.png)Azure SQL Data Warehouse ![no](media/no.png)Parallel Data Warehouse

Changes the properties of a credential.

[!IMPORTANT] “Should do” info as best practice; “must do” to complete task Topic link icon Transact-SQL Syntax Conventions

Syntax

  
ALTER CREDENTIAL credential_name WITH IDENTITY = 'identity_name'  
    [ , SECRET = 'secret' ]  

Arguments

credential_name
Specifies the name of the credential that is being altered.

IDENTITY =’identity_name
Specifies the name of the account to be used when connecting outside the server.

SECRET =’secret
Specifies the secret required for outgoing authentication. secret is optional.

[!IMPORTANT] Azure SQL Database only supports Azure Key Vault and Shared Access Signature identities. Windows user identities are not supported.

Remarks

When a credential is changed, the values of both identity_name and secret are reset. If the optional SECRET argument is not specified, the value of the stored secret will be set to NULL.

The secret is encrypted by using the service master key. If the service master key is regenerated, the secret is reencrypted by using the new service master key.

Information about credentials is visible in the sys.credentials catalog view.

Permissions

Requires ALTER ANY CREDENTIAL permission. If the credential is a system credential, requires CONTROL SERVER permission.

Examples

A. Changing the password of a credential

The following example changes the secret stored in a credential called Saddles. The credential contains the Windows login RettigB and its password. The new password is added to the credential using the SECRET clause.

ALTER CREDENTIAL Saddles WITH IDENTITY = 'RettigB',   
    SECRET = 'sdrlk8$40-dksli87nNN8';  
GO  

B. Removing the password from a credential

The following example removes the password from a credential named Frames. The credential contains Windows login Aboulrus8 and a password. After the statement is executed, the credential will have a NULL password because the SECRET option is not specified.

ALTER CREDENTIAL Frames WITH IDENTITY = 'Aboulrus8';  
GO  

See Also

Credentials (Database Engine)
CREATE CREDENTIAL (Transact-SQL)
DROP CREDENTIAL (Transact-SQL)
ALTER DATABASE SCOPED CREDENTIAL (Transact-SQL)
CREATE LOGIN (Transact-SQL)
sys.credentials (Transact-SQL)