As with most passwords, it is best to choose a key value that cannot be easily guessed. It is recommended that you choose a value for your key that includes between 8 and 30 characters, a combination of upper and lowercase characters, and numbers, letters, and special characters.
Be sure to store a copy of your key in a safe location. You require the key each time you want to start or modify the database. A lost key will result in a completely inaccessible database, from which there is no recovery.
You can change the encryption key for an encrypted database, or for a database for which table encryption has been enabled, using the CREATE ENCRYPTED FILE statement. As with encrypting the database, you are not overwriting the existing file, you are creating a copy of the file, encrypted with the new key.
Change the encryption key for an encrypted database using the CREATE ENCRYPTED FILE statement.
The following example takes the database file currentkey.db, encrypted with key abc, and creates a copy of it called newkey.db, encrypting it with the key abc123.
CREATE ENCRYPTED FILE newkey.db FROM currentkey.db KEY abc123 OLD KEY abc ALGORITHM AES;
Using the same encryption key information, and following the file name convention you used for the database file, encrypt the associated transaction log file(s), dbspace file(s), and mirror log file (if any), using the CREATE ENCRYPTED FILE statement. See CREATE ENCRYPTED FILE statement.
Choosing the encryption key
Protecting the encryption key