I'm trying to rotate my SQL encryption key with the following script, but get an error while executing, although the compiler does not give an error. Anyone an idea on how to solve this?
ALTER COLUMN ENCRYPTION KEY [myKeyName]
ADD VALUE
(
COLUMN_MASTER_KEY = [myNewKeyName]
);
FYI, I already created a new key 'COLUMN MASTER KEY' with name [myNewKeyName]
Error:
Incorrect syntax near 'ADD'.
Converting Thom A's comment as answer here.
ADD VALUE clause in the ALTER COLUMN ENCRYPTION KEY statement, ALGORITHM and ENCRYPTED_VALUE parameters are requiredHere is the corrected query with the required parameters:
ALTER COLUMN ENCRYPTION KEY [myKeyName]
ADD VALUE
(
COLUMN_MASTER_KEY = [myNewKeyName],
ALGORITHM = 'RSA_OAEP',
ENCRYPTED_VALUE = 0x016E000001630075006D0062007200690061006E00630065006C006C006F0073006500720076006900630065002E0063006F006D002F00730071006C002F0072006F006F0740000001D7C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C7B9C
);
This query will add a new value to the encryption key with the specified column master key, algorithm, and encrypted value.
Reference: MS document on Alter column encryption key.