The master key is a database-level key that is created by a user with the sso_role or keycustodian_role, and is used as a KEK for user-created encryption keys. Once created, the master key replaces the system encryption password as the default KEK for user-created keys.
Although SAP ASE supports using the system encryption password, for compatibility with versions earlier than 15.7, SAP recommends that you use the master key.
You can use the master key with the dual master key to create a composite key that provides dual control and split knowledge for all user-created keys. You can also create a composite key by using the master key with a DEK's or CEK’s explicit password.
Managing passwords for keys is restricted to setting the password for the master key.
You need not specify passwords on create and alter encryption key statements.
Allows for password distribution and recovery from lost column encryption key passwords.
Access control over encrypted data is enforced through decrypt permission on the data.
You need not make any changes to the application.
create encryption key master [for AES] with passwd char_literal
See the Reference Manual: Commands.