If your service keys are encrypted with the master key, the master key’s password must be entered into SAP ASE, either automatically or manually, depending on how you specify the master key.
If you do not use automatic master key access, you typically enter the master key’s password with set encryption passwd. However, if a service key is required to decrypt the private key password for network listeners during start-up, you can supply the master key at the command line, or through a command line prompt.
Use the dataserver . . . -- master_key_password parameter to prompt for a master key password during SAP ASE start-up. The user issuing the -- master_key_password parameter must know the master key password for the master database and have physical access to the console and keyboard to enter the password.
dataserver --master_key_passwd -dd_master -eerrorlog
master_key_passwd:_
The password characters do not appear, and the password is not validated until later in the SAP ASE start-up sequence.
dataserver --master_key_passwd=mysecret -dd_master -eerrorlog
The password, mysecret, is blanked out in memory after it is read and used. However, the clear password is visible until the memory is blanked out.
use master go set encryption passwd password for key master go
If you have configured only SSL listeners and you enter the wrong password, SAP ASE shuts down because it cannot start any listeners.
In memory that can be seen with the UNIX ps command
In memory, on an unattended terminal screen, or on disk in command history buffers and files
On the screen
SAP encourages customer sites to prompt for passwords to avoid these vulnerabilities when using attended start-up.