create encryption key

The create encryption key command supports the full database encryption feature.

The database encryption key is a 256-bit symmetric key that is created in the master database and used to encrypt a database.


create encryption key keyname
    [for algorithm]
    for database encryption
        {[master key]
        [key_length 256]
        [init_vector random]
        [[no] dual_control]}




  • The database encryption key does not support the pad option in the create encryption key command.
  • The database encryption key cannot be the default key for column encryption.
  • Successfully created database encryption keys are stored in the sysencryptkeys table of the master database and are indicated by this key type:
    #define EK_DBENCKEY       0x1000
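
The following is an added example, not taken from the SAP documentation: it creates a database encryption key using only the mandatory part of the syntax, then lists the keys whose type carries the EK_DBENCKEY bit (0x1000 = 4096). The key name dbkey is constructed, and the sysencryptkeys column names (id, type, eklen) and the join to sysobjects are assumptions about the ASE system catalog that this page does not itself show.

```sql
-- Database encryption keys are created in the master database.
use master
go

-- dbkey is a constructed key name. All bracketed options in the syntax
-- are omitted, so the server defaults apply.
create encryption key dbkey
    for database encryption
go

-- Inventory check: list every key flagged as a database encryption key.
-- EK_DBENCKEY is 0x1000, which is 4096 in decimal; the type column is
-- tested as a bitmask so that keys with additional flags still match.
-- Assumption: sysencryptkeys.id is the key's object ID in sysobjects.
select o.name   as key_name,
       k.type   as key_type,
       k.eklen  as key_length_bits
from   master.dbo.sysencryptkeys k,
       master.dbo.sysobjects o
where  k.id = o.id
  and  k.type & 4096 = 4096
order  by o.name
go
```

A key created this way should report a length of 256, matching the only key_length value the syntax allows.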


ANSI SQL – Compliance level: Transact-SQL extension.


The permission checks for create encryption key differ, based on your granular permission settings:
  • Granular permissions enabled: SAP ASE creates a new permission called "manage database encryption key." You must have permission to create a database encryption key.
  • Granular permissions disabled: You must be a user with sso_role, keycustodian_role, or have create encryption key privilege.