When you enable automatic master key access, Adaptive Server reads in the key encryption keys from the master key start-up file, if it exists. If it does not exist, Adaptive Server creates a master key start-up file, but does not write the key encryption key values to the file until automatic_startup key copies either of the master or dual master keys are created.
When you disable automatic master key access, Adaptive Server drops the key encryption keys for master and dual master keys from the server memory. Adaptive Server does not erase the key encryption key values from the master key start-up file.
A user with the sso_role can specify the master key start-up file path and name using:
sp_encryption mkey_startup_file
[, {new_path | default_location | null}]
[, {sync_with_mem | sync_with_qrm}]
where:
new_path – specifies the location and name of the master key start-up file. new_path is not supported in standalone Adaptive Server Cluster Edition installations.
default location – sets the master key start-up file to the default path and name: $SYBASE_ASE/security/ase_encrcols_mk_<servername>.dat. default location is not supported in standalone Adaptive Server Cluster Edition installations.
null – displays the current master key start-up file path and name.
sync_with_mem – writes the master key encryption keys existing in server memory to the master key start-up file, if configuration option automatic master key access is enabled. sync_with_mem is not supported in standalone Adaptive Server Cluster Edition installations.
sync_with_qrm – (Available only with standalone Cluster Edition installations) updates the key copy in the local master key start-up file with the copy on the quorum device.
