BACKUP MASTER KEY (Transact-SQL)

**APPLIES TO:** ![yes](media/yes.png)SQL Server (starting with 2008) ![no](media/no.png)Azure SQL Database ![no](media/no.png)Azure SQL Data Warehouse ![no](media/no.png)Parallel Data Warehouse

Exports the database master key.

Topic link icon Transact-SQL Syntax Conventions

Syntax

  
BACKUP MASTER KEY TO FILE = 'path_to_file'   
    ENCRYPTION BY PASSWORD = 'password'

Arguments

FILE =’path_to_file
Specifies the complete path, including file name, to the file to which the master key will be exported. This may be a local path or a UNC path to a network location.

PASSWORD =’password
Is the password used to encrypt the master key in the file. This password is subject to complexity checks. For more information, see Password Policy.

Remarks

The master key must be open and, therefore, decrypted before it is backed up. If it is encrypted with the service master key, the master key does not have to be explicitly opened. But if the master key is encrypted only with a password, it must be explicitly opened.

We recommend that you back up the master key as soon as it is created, and store the backup in a secure, off-site location.

Permissions

Requires CONTROL permission on the database.

Examples

The following example creates a backup of the AdventureWorks2012 master key. Because this master key is not encrypted by the service master key, a password must be specified when it is opened.

USE AdventureWorks2012;  
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'sfj5300osdVdgwdfkli7';  
BACKUP MASTER KEY TO FILE = 'c:\temp\exportedmasterkey'   
    ENCRYPTION BY PASSWORD = 'sd092735kjn$&adsg';  
GO

See Also

CREATE MASTER KEY (Transact-SQL)
OPEN MASTER KEY (Transact-SQL)
CLOSE MASTER KEY (Transact-SQL)
RESTORE MASTER KEY (Transact-SQL)
ALTER MASTER KEY (Transact-SQL)
DROP MASTER KEY (Transact-SQL)
Encryption Hierarchy