Creating Master Key Copies

Users or master key owners with sso_role or keycustodian_role can create copies of master keys.

You may need to:
  • Provide access to the master key or dual master key for unattended start-up of SAP ASE. Such a key copy is referred to as the automatic_startup copy.

  • Support recovery of the master keys should their passwords be lost. Such a key copy is referred to as the recovery copy.

  • Allow a user other than the base key owner to set up encryption passwords for the master or dual master key. This key copy is referred to as a regular copy.

To add master key copies in a database, use:
alter encryption key [dual] master
	with passwd char_string
	add encryption
	{with passwd char_string
	for user user_name 
	[ for recovery ] | [ for automatic_startup ] }
where:
  • char_string – (first reference) specifies the password that currently encrypts the base copy of the master or dual master key.

  • char_string – (second reference) specifies the password for the regular or recovery copy. It must not be used for automatic_startup copies.

  • for user – indicates the user to whom the regular or recovery copy must be assigned. Do not specify this parameter for automatic_startup copies.

  • for recovery – indicates that the key copy is to be used to recover the master key in case the password is lost.

  • for automatic_startup – indicates that the key copy is to be used to access the master or dual master key after the server is restarted with automatic master key access enabled.

  • Example 1 – master key owner creates a key copy for Mary:
    alter encryption key master
         with passwd 'unforgettablethatswhatur'
         add encryption 
         with passwd 'just4now'
         for user mary
  • Example 2 – dual master key owner Smith creates a key copy for automatic_startup with:
    alter encryption key dual master
         with passwd 'Never4Getable'
         add encryption
         for automatic_startup
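
The examples above cover the regular and automatic_startup copies. The following added example, which is not part of the original documentation, shows the remaining case from the syntax: a recovery copy. The user name key_custodian1 and both passwords are constructed placeholders.

```sql
-- Added example: recovery copy of the master key.
-- key_custodian1 and both passwords are constructed placeholders.
alter encryption key master
     with passwd 'BaseCopyPasswd_placeholder'   -- password that currently encrypts the base copy
     add encryption
     with passwd 'RecoveryPasswd_placeholder'   -- password that protects the new recovery copy
     for user key_custodian1                    -- user to whom the recovery copy is assigned
     for recovery

-- The same request for the dual master key adds the dual keyword.
alter encryption key dual master
     with passwd 'DualBasePasswd_placeholder'
     add encryption
     with passwd 'DualRecoveryPasswd_placeholder'
     for user key_custodian1
     for recovery
```

Unlike the automatic_startup copy in Example 2, a recovery copy takes both the second with passwd clause and the for user clause.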
Related concepts
Key Recovery from Lost Passwords