I would like to protect my database of secret information with a master key or master password and encrypt the data. Only if the user enters the correct master key, the data will be decrypted.

Obviously, when creating the master key, I should only save this as a hash value (e.g. SHA). But then I also need a key to encrypt the data with (e.g. AES). I thought of using the master key's hash value as the key for encryption.

But probably, this is not safe, right?

If the user enters a key, the hash is calculated and compared to the saved hash value. If they are the same, the database should be enrypted.

But saving the master key's hash value and using it as the key for encryption is probably a security risk, right?

Should I rather use the actual (plaintext) version of the master key to encrypt the data with?

Or just leaving out the step with comparing the hash value to the entered password and instead just trying to encrypt the data with the password entered?

I hope you understand what I'm trying to tell you about my problem. Thanks a lot in advance!

It is always best to separate responsibilities clearly and only use one cryptographic entity for one purpose and nothing else.

For symmetric encryption (e.g. AES), you need a key, and such a key is typically derived from a password (but it can be derived from a lot of other things, like a collection of files, or even just entered directly). So this entity is "password-which-becomes-encryption-key". Use it for that purpose. No need to store the password anywhere, as deriving the correct key from it is all you need.

If you additionally want to guard access to your application or database with an account system with authentication and authorisation, you also need to manage those credentials. That's an entirely unrelated activity; look up any basic web application design guide for standard solutions.

Just don't reuse a login password as an encryption key.