One solution to the problem of encrypting using a shared passphrase is to encrypt the data using a certificate. A primary benefit of certificates is that they relieve hosts of the need to maintain a set of passwords for individual subjects. Instead, the host merely establishes trust in a certificate issuer, which may then sign an unlimited number of certificates.
Certificates can be created within SQL Server 2014 using the
CREATE CERTIFICATE command. The certificate created is a database-level securable that follows the X.509 standard and supports X.509 V1 fields. The
CREATE CERTIFICATE command can load a certificate from a file or assembly, or it can also generate a key pair and create a self-signed certificate. ...