Menu & Search

Backing up a SQL Server Database with Encryption

Backing up a SQL Server Database with Encryption

To backup a database in SQL Server with Encryption, run the BACKUP DATABASE command with the ENCRYPTION option added to the SQL statement, and specify the valid encryption certificate name.

Backing up a SQL Server Database with Encryption is the secure way of performing your SQL Server backups. If your MSSQL database backups are off-site and/or you have sensitive customer information stored on them, then you may consider encrypting your database backups.

Since SQL Server 2012, it has not been possible to create a SQL backup with a password (PASSWORD/MEIAMPASSWORD backup options).

The demo below guide was done following Microsoft Docs – Create an Encrypted Backup.

Backup Database with Encryption

Create a Database Master Key (stored in the database).

Create a Certificate to use for the database backups (gets stored in the Master Database) – Microsoft Docs; Create Certificate

SQL Server Create Certificate

Have a look at the new certificate by querying sys.certificates (think about expiry dates).

SQL Server Select Sys.Certificates

Now backup the database.

-- backup database with encryption mssql
BACKUP DATABASE [Computer_World] TO DISK = N'C:\Temp_MSSQL_Backups\computer_world_full.bak'  
SQL Server Backup Database With Encryption

The database has successfully been backed up with encryption.

The warning we see is regarding the certificate created prior to the backup.

Warning: The certificate used for encrypting the database encryption key has not been backed up. You should immediately back up the certificate and the private key associated with the certificate. If the certificate ever becomes unavailable or if you must restore or attach the database on another server, you must have backups of both the certificate and the private key or you will not be able to open the database.

I have another post to guide through a certificate backup here.

1 Comment

  1. […] for example, your SQL Server database backups are encrypted and you need to restore it on another server, then you will need both the certificate and private […]