A user with sso_role or keycustodian_role can drop a master or dual master key provided that there are no other column encryption keys that are currently encrypted using that master or dual master key. Use:
drop encryption key [dual] master
When a master or dual master key is dropped, Adaptive Server:
Drops the master or dual master key, and its key copies. All regular key copies, the automatic_startup key copy, and recovery key copies are deleted from the database.
Deletes the master key encryption keys from the master keystart-upfile, if an automatic_startup key coply exists.
To delete only the regular key copy, use:
alter encryption key [dual] master drop encryption for user username
To delete only the recovery key copy, use:
alter encryption key [dual] master drop encryption for recovery
To delete only the automatic_startup key copy, use:
alter encryption key [dual] master drop encryption for automatic_startup
