Backup Service Master Key - SQL-FineBuild/Common GitHub Wiki

Previous Configure Errorlog Retention	Manual Configuration	Configure Database Mail Next

FineBuild can backup the Service Master Key so that a secure copy is maintained.

The Service Master Key is the root of the SQL Encryption hierarchy. It is important that you keep a backup copy of this key or you may be unable to decrypt SQL encrypted objects in the event of corruption of the master database.

Further information about the Service Master Key is at https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/service-master-key.

FineBuild Backup Service Master Key

The Backup Service Master Key processing relates to Process Id 5BA and is controlled by the parameters below:

SQL Version	Parameter	FULL Build	WORKSTATION Build	CLIENT Build
SQL2019	/SetupSQLServer:	Yes	Yes	N/A
SQL2017	/SetupSQLServer:	Yes	Yes	N/A
SQL2016	/SetupSQLServer:	Yes	Yes	N/A
SQL2014	/SetupSQLServer:	Yes	Yes	N/A
SQL2012	/SetupSQLServer:	Yes	Yes	N/A
SQL2008R2	/SetupSQLServer:	Yes	Yes	N/A
SQL2008	/SetupSQLServer:	Yes	Yes	N/A
SQL2005	/SetupSQLServer:	Yes	Yes	N/A

In order to maintain compatibility with older versions of SQL FineBuild, the parameter ConfigSQLServer can also be used.

FineBuild will use the same password as specified for the sa account via the /SAPWD: parameter. The password should be recorded in the DBA Password Store.

Top

Manual Backup Service Master Key

The following steps show what you would have to do for manual backup Service Master Key processing. FineBuild does all of this work for you automatically.

Using SQL Server Management Studio, run the following query to back up the Service Master Key

Use the backup location specified for your server, based on the example below:

  BACKUP SERVICE MASTER KEY TO 
FILE='I:\SQLFiles\MSSQL.MSSQLSERVER.BACKUP\SystemDB Copy\PDGB01SQLC07\ServiceMasterKey.snk' ENCRYPTION BY PASSWORD='password'

Previous Configure Errorlog Retention	Top	Configure Database Mail Next