patternsqlMajor
Query to List Encryption Certificate for Databases
Viewed 0 times
encryptioncertificatedatabasesqueryforlist
Problem
What certificate is being used to encrypt each of the databases on the instances.
I can get the data using the following but how do I write the queries
I noticed that columns sys.certifcates.thumbprint and sys.dm_database_encryption_keys.encryptor_thumbprint contain the same data.
I can get the data using the following but how do I write the queries
USE master
GO
-- this provides the list of certificates
SELECT * FROM sys.certificates
-- this provides the list of databases (encryption_state = 3) is encrypted
SELECT * FROM sys.dm_database_encryption_keys
WHERE encryption_state = 3;I noticed that columns sys.certifcates.thumbprint and sys.dm_database_encryption_keys.encryptor_thumbprint contain the same data.
Solution
You can join on the certificate thumbprint:
My sample output:
use master;
go
select
database_name = d.name,
dek.encryptor_type,
cert_name = c.name
from sys.dm_database_encryption_keys dek
left join sys.certificates c
on dek.encryptor_thumbprint = c.thumbprint
inner join sys.databases d
on dek.database_id = d.database_id;My sample output:
database_name encryptor_type cert_name
============= ============== =========
tempdb ASYMMETRIC KEY NULL
AdventureWorks2012TDE CERTIFICATE TdeCertCode Snippets
use master;
go
select
database_name = d.name,
dek.encryptor_type,
cert_name = c.name
from sys.dm_database_encryption_keys dek
left join sys.certificates c
on dek.encryptor_thumbprint = c.thumbprint
inner join sys.databases d
on dek.database_id = d.database_id;database_name encryptor_type cert_name
============= ============== =========
tempdb ASYMMETRIC KEY NULL
AdventureWorks2012TDE CERTIFICATE TdeCertContext
StackExchange Database Administrators Q#92080, answer score: 28
Revisions (0)
No revisions yet.