What are the challenges you face when working across database platforms? Take the survey

SQL Source Control Certificate Object Signing


Some of our objects are signed by a certificate (to elevate running permissions to the corresponding certificate user) which is done via a "ADD SIGNATURE TO ?.? BY CERTIFICATE [?]" statement.

Is there any way to have SSC capture and store that signing so that if a module is modified it re-signs the module?  At the moment we add re-signing statements in the Post-Script, but it'd be more seamless if SSC captured the signing statement in the object script.


Best Answer

  • Options
    Sergio RSergio R Posts: 610 Rose Gold 5
    edited September 25, 2020 12:41PM Answer ✓
    Hi Peter,

    I am afraid we don't support this because the difference can't be deployed without knowing the certificate password.  This is for the same reason that we can't deploy certificates: SQL Server's security model prevents us from doing so.

    Additionally, certificates tend to legitimately differ between environments, so there would be some risk associated with automatically deploying signature/certificate differences, for example you might end up with test certificates automatically being deployed to production (SQL Source Control is not a deployment tool, but our users can use SQL Compare or SQL Change Automation to deploy SQL Source Control scripts folders).

    Having said that if you wish to, you can submit this as an idea on our uservoice channel at https://redgate.uservoice.com/forums/141379-sql-compare, so that we might consider that for a future improvement.

    Kind Regards,
    Product Support Engineer
    Redgate Software Ltd
    Please see our Help Center for detailed guides on how to use our tools
Sign In or Register to comment.