Dropping Master Keys and Key Copies

A user with sso_role or keycustodian_role can drop a master or dual master key provided that there are no other column or database encryption keys that are currently encrypted using that master or dual master key.

To drop a master or a dual master key, use:

drop encryption key [dual] master

When a master or dual master key is dropped, SAP ASE:

Drops the master or dual master key, and its key copies. All regular key copies, the automatic_startup key copy, and recovery key copies are deleted from the database.
Deletes the master key encryption keys from the master keystart-upfile, if an automatic_startup key copy exists.

To delete only the regular key copy, use:

alter encryption key [dual] master
	drop encryption for user username

To delete only the recovery key copy, use:

alter encryption key [dual] master
	drop encryption for recovery

To delete only the automatic_startup key copy, use:

alter encryption key [dual] master
	drop encryption for automatic_startup