SQL Server Encryption Certificate With Or Without Password

GoCubs
GoCubs used Ask the Experts™
on
I run a client-server application and I am setting up a SQL Server 2008 R2 database with encryption. I am wondering if someone can give me the plus and minus of creating a certificate with a password versus creating one where the master key is used.
CREATE CERTIFICATE MY_Cert ENCRYPTION BY PASSWORD = 'MyPassword' WITH SUBJECT = 'MySubject';
versus
CREATE CERTIFICATE MY_Cert ENCRYPTION  WITH SUBJECT = 'MySubject';

What is the consensus up and down side when encrypting and decrypting?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Sr Database Engineer
Commented:
It depends. I do not see any issues on the certificate level itself -- dunno what others can say about this. For us, we have the password on the master key, and our certificate is encrpyted using the master key. Symmetric key encrypted by certificate.

In this way, we only keep the master key password secured (using a customized application where 2 people would login to retrieve, change or regenerate master key).

Author

Commented:
No one else had any thoughts so I will award the points to you. Thanks for your response.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial