Allows key owners to drop the named encryption key.
drop encryption key [[database.][owner].]keyname
The syntax for explicitly dropping an external login password service key is
drop encryption key syb_extpasswdkey with password encryption downgrade
The syntax for explicitly dropping a hidden text service key is:
drop encryption key syb_syscommkey_dddddd
Or:
drop encryption key syb_syscommkey with text encryption downgrade
is the name of the database.
is the owner.
is the name of the key.
name of the service key
When you specify with password encryption downgrade, Adaptive Server resets external login passwords with the algorithm used in versions earlier than 15.7, and the Replication Agent password, and the CIS and RTMS external login passwords are reset to an invalid value.
After the key is dropped, the administrator must reenter the passwords manually to resume using the corresponding services.
is the explicit name of an individual syscomments service key to be dropped.
Adaptive Server reencrypts all the hidden text in syscomments with the algorithm used in versions earlier than 15.7.
Drops the encryption key cc_key
:
drop encryption key cust.dbo.cc_key
If the key has key copies, the copies are dropped along with the base key.
The command fails if any column in any database is encrypted using the key.
drop encryption key cannot check databases that are archived, suspect, offline, unrecovered, or currently being loaded for columns encrypted by the key. The command issues a warning message naming the unavailable database, but does not fail. When the database is brought online, any tables with columns that were encrypted with the dropped key are not usable. To restore the key, the system administrator must load a dump of the dropped key’s database from a time that precedes when the key was dropped.
The permission checks for drop encryption key differ based on your granular permissions settings.
Granular permissions enabled |
With granular permissions enabled, you must be the key owner or a user with manage any encryption key privilege. |
Granular permissions disabled |
With granular permissions disabled, you must be the key owner or a user with sa_role. |
Values in event and extrainfo columns of sysaudits are:
Event |
Audit option |
Command or access audited |
Information in extrainfo |
---|---|---|---|
109 |
drop encryption key |
|
create encryption key, alter encryption key, sp_encryption, sp_help