A user with sso_role or keycustodian_role can create a service key and becomes the owner of the key.
An ASE_ENCRYPTION license is required.
The enable encrypted columns configuration parameter must be set.
The user creating the service key must have sso_role or keycustodian_role.
The master key must be created before the service key, if you are protecting service keys with the master key.
create encryption key [syb_extpasswdkey | syb_syscommkey] [ with { static key | master key }]
By default, the static key encrypts the keys. To use the master key, use the with master key parameter.
When a syb_extpasswdkey is created, all external passwords in sysattributes are reencrypted with the new key using strong encryption.