Creating a Master Key

Create the master key for the database.

The master key:
  • Is a database-level key, created by a user with sso_role or keycustodian_role.
  • Is used as a key encryption for user-defined encryption keys.
  • Replaces the system-encryption password as the default key encryption key (KEK) for user-defined keys.
    Note: SAP recommends that you do not create system encryption passwords after you have created master keys.
  • Can be used with the dual master key as a composite key to provide dual control and split knowledge for all user-created keys. Alternatively, the master key can be used as a composite key with a column encryption key’s explicit password.
  • Can be altered to add key copies. Master key copies provide access to the dual-master key for unattended start-up, to support recovery of the master key, and to allow users other than the base-key owner to set the encryption password.
  1. In the left pane of the Administration Console, expand ASE Servers > Security > Encryption Keys.
  2. Click Master Keys.
  3. Select New.
    You see the Add Master Key wizard.
  4. Select the server and database where the encryption key is being defined.
  5. Enter a password for the master key and confirm it.
  6. (Optional) Click Summary to verify your selected options.
Related concepts
Dual Control and Split Knowledge
Manage Encryption Keys
Related tasks
Modifying, Regenerating, and Deleting a Master Key
Related reference
Master Key Properties