Replication Agent passwords

Service keys decrypt the passwords that Replication Agents use to initiate connections on user databases. If a service key is encrypted by a master key, agents that are configured to start automatically are blocked until an authorized user manually enters the master key password.

If a service key is in a replicated user database, the service key is also available on the replicate database, because the sysencryptkeys table that stores the encryption keys is itself replicated. The master key is stored in the same sysencryptkeys table, so it is also replicated and available on the replicate database. Because they are encrypted, service keys remain protected during the replication process.

After Adaptive Server has started, an authorized user can connect and set the master key password for each database using:

use mydb
go
set encryption passwd password for key master
go

A Replication Agent that is waiting for the master key password can be identified by the status value “passwd sleep”:

sp_who
go
fid spid status       loginame origname hostname blk_spid dbname tempdbname cmd       block_xloid
--- ---- ------------ -------- -------- -------- -------- ------ ---------- --------- -----------
0   38   passwd sleep NULL     NULL     NULL     0        tdb4   tempdb     REP AGENT 0
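
A monitoring check built on the sp_who output above, as an added example that is not part of the original documentation: it parses captured sp_who output by column position and lists the databases whose Replication Agent is still waiting for the master key password. The sample rows and the function names are constructed for illustration, and the output is assumed to be captured unwrapped, one process per line.

```python
import re

# Constructed sample of sp_who output. Assumption: it was captured with a wide
# column setting (isql -w), so each process occupies exactly one line.
SAMPLE = """\
fid spid status       loginame origname hostname blk_spid dbname tempdbname cmd              block_xloid
--- ---- ------------ -------- -------- -------- -------- ------ ---------- ---------------- -----------
0   12   recv sleep   sa       sa       host1    0        master tempdb     AWAITING COMMAND 0
0   38   passwd sleep NULL     NULL     NULL     0        tdb4   tempdb     REP AGENT        0
0   41   sleeping     NULL     NULL     NULL     0        tdb7   tempdb     REP AGENT        0
"""


def parse_sp_who(text):
    """Parse fixed-width sp_who output into a list of dicts keyed by column name."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    # The dashed ruler defines the column spans; splitting on whitespace would
    # break values such as "passwd sleep" and "REP AGENT".
    ruler = next(i for i, ln in enumerate(lines) if re.fullmatch(r"[- ]+", ln))
    spans = [m.span() for m in re.finditer(r"-+", lines[ruler])]
    spans[-1] = (spans[-1][0], None)  # last column runs to end of line
    names = [lines[ruler - 1][a:b].strip() for a, b in spans]
    rows = []
    for ln in lines[ruler + 1:]:
        if ln.lstrip().startswith("("):  # "(N rows affected)" trailer
            break
        rows.append({n: ln[a:b].strip() for n, (a, b) in zip(names, spans)})
    return rows


def agents_awaiting_master_key(rows):
    """Databases whose Replication Agent is blocked in "passwd sleep"."""
    return sorted(r["dbname"] for r in rows
                  if r["status"] == "passwd sleep" and r["cmd"] == "REP AGENT")


if __name__ == "__main__":
    for db in agents_awaiting_master_key(parse_sp_who(SAMPLE)):
        print(f"{db}: Replication Agent waiting for master key password")
```

Each database the check reports needs the set encryption passwd command shown earlier before its agent can continue.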