ALTER DATABASE SCOPED CREDENTIAL (Transact-SQL)

**APPLIES TO:** ![yes](media/yes.png)SQL Server (starting with 2008) ![yes](media/yes.png)Azure SQL Database ![yes](media/yes.png)Azure SQL Data Warehouse ![yes](media/yes.png)Parallel Data Warehouse

Changes the properties of a database scoped credential.

Topic link icon Transact-SQL Syntax Conventions

Syntax

  
ALTER DATABASE SCOPED CREDENTIAL credential_name WITH IDENTITY = 'identity_name'  
    [ , SECRET = 'secret' ]  

Arguments

credential_name
Specifies the name of the database scoped credential that is being altered.

IDENTITY =’identity_name
Specifies the name of the account to be used when connecting outside the server. To import a file from Azure Blob storage, the identity name must be SHARED ACCESS SIGNATURE. For more information about shared access signatures, see Using Shared Access Signatures (SAS).

SECRET =’secret**‘**
Specifies the secret required for outgoing authentication. secret is required to import a file from Azure Blob storage. secret may be optional for other purposes.
> [!WARNING] > The SAS key value might begin with a’?’ (question mark). When you use the SAS key, you must remove the leading ‘?’. Otherwise your efforts might be blocked.

Remarks

When a database scoped credential is changed, the values of both identity_name and secret are reset. If the optional SECRET argument is not specified, the value of the stored secret will be set to NULL.

The secret is encrypted by using the service master key. If the service master key is regenerated, the secret is reencrypted by using the new service master key.

Information about database scoped credentials is visible in the sys.database_scoped_credentials catalog view.

Permissions

Requires ALTER permission on the credential.

Examples

A. Changing the password of a database scoped credential

The following example changes the secret stored in a database scoped credential called Saddles. The database scoped credential contains the Windows login RettigB and its password. The new password is added to the database scoped credential using the SECRET clause.

ALTER DATABASE SCOPED CREDENTIAL AppCred WITH IDENTITY = 'RettigB',   
    SECRET = 'sdrlk8$40-dksli87nNN8';  
GO  

B. Removing the password from a credential

The following example removes the password from a database scoped credential named Frames. The database scoped credential contains Windows login Aboulrus8 and a password. After the statement is executed, the database scoped credential will have a NULL password because the SECRET option is not specified.

ALTER DATABASE SCOPED CREDENTIAL Frames WITH IDENTITY = 'Aboulrus8';  
GO  

See Also

Credentials (Database Engine)
CREATE DATABASE SCOPED CREDENTIAL (Transact-SQL)
DROP DATABASE SCOPED CREDENTIAL (Transact-SQL)
sys.database_scoped_credentials
CREATE CREDENTIAL (Transact-SQL)
sys.credentials (Transact-SQL)