Encrypting databases with a new external encryption keyYou can apply a new external encryption key to a database
by specifying the newEncryptionKey attribute on the connection URL
when you boot the database.encrypting databasesnew external keydatabasesencrypting, new external key
If the database is configured with log archival for roll-forward recovery,
you must disable log archival and perform a shutdown before you can encrypt
the database with a new external encryption key.
If there are any global transaction that are in the prepared state after
recovery, the database cannot be encrypted with a new encryption key.
If the database is currently encrypted with a boot password , you should
use the newBootPassword attribute
to encrypt the database.
To encrypt a database with a new external encryption key:
Specify the newEncryptionKey attribute in a URL and reboot
the database.For example, when the following URL is used when
the salesdb database is rebooted, the database is encrypted
with the new encryption key 6862636465666768:jdbc:derby:salesdb;encryptionKey=6162636465666768;newEncryptionKey=6862636465666768'
If authentication
and
SQL authorization
are both enabled, the credentials of the
database owner
must be supplied as well, since encryption is a restricted operation.
If you disabled log archival before you applied the new encryption
key, create a new backup of the database after the database is reconfigured
with new the encryption key.