Creating Service Keys

A user with sso_role or keycustodian_role can create a service key and becomes the owner of the key.

Prerequisites
To create service keys:

  • An ASE_ENCRYPTION license is required.

  • The enable encrypted columns configuration parameter must be set.

  • The user creating the service key must have sso_role or keycustodian_role.

  • The master key must be created before the service key, if you are protecting service keys with the master key.

Task
Use: 
create encryption key [syb_extpasswdkey | syb_syscommkey] 
	[ with { static key | master key }]

By default, the static key encrypts the keys. To use the master key, use the with master key parameter.

When a syb_extpasswdkey is created, all external passwords in sysattributes are reencrypted with the new key using strong encryption.

When a syb_syscommkey is created, any subsequent execution of sp_hidetext uses the new key with strong encryption. sp_hidetext must be executed on an existing database object for the object to be encrypted with the new key. Because reencrypting hidden text may involve very large amounts of data, database administrators should defer executing sp_hidetext to times when there is low system demand.
Note: You cannot use dual control with service keys.
Parent topic: Service Keys