A user with sso_role or keycustodian_role can create a service key using:
create encryption key [syb_extpasswdkey | syb_syscommkey]
[ with { static key | master key }]
By default, the static key encrypts the keys. To use the master key, use the with master key parameter.
The user who creates the service key becomes the owner of the key.
When a syb_extpasswdkey is created, all external passwords in sysattributes are reencrypted with the new key using strong encryption.
When a syb_syscommkey is created, any subsequent execution of sp_hidetext uses the new key with strong encryption. sp_hidetext must be executed on an existing database object for the object to be encrypted with the new key. Because reencrypting hidden text may involve very large amounts of data, database administrators should defer executing sp_hidetext to times when there is low system demand.
To create service keys:
An ASE_ENCRYPTION license is required.
The enable encrypted columns configuration parameter must be set.
The user creating the service key must have sso_role or keycustodian_role.
The master key must be created before the service key, if you are protecting service keys with the master key.
You cannot use dual control with service keys.
