Periodically change the master and dual master keys. However, each time you change the master and dual master keys, you must also reencrypt all column and database encryption keys using the new master and dual master keys.
alter encryption key [dual] master with passwd char_string regenerate key [with passwd char_string]
Validates that the supplied password decrypts the base master or dual master key.
Creates a new master or dual master key.
Decrypts all column and database encryption keys that are encrypted either solely or partially by the master or dual master key. SAP ASE reencrypts them using the new master or dual master key.
Replaces the base master or dual master key with the new key encrypted by the second password. If the second password is not supplied, SAP ASE uses the currently configured password to encrypt the new key.
Drops the regular key copies. The master key owner must re-create regular key copies for designated users using alter encryption key.
Drops the key recovery copy. The master key owner must add a new recovery key copy using alter encryption key, and inform the recovery key owners of the new password.
Replaces the automatic_startup copy with a new key copy created by encrypting the new master key with a new randomly generated master key encryption key. SAP ASE writes the new master key encryption key into the master key start-up file.