Encrypting databases with a new external encryption key

You can apply a new external encryption key to a database
by specifying the newEncryptionKey=key attribute on the connection URL
when you boot the database.
If the database is configured with log archival for roll-forward recovery,
you must disable log archival and perform a shutdown before you can encrypt
the database with a new external encryption key.
If any global transactions are in the prepared state after
recovery, the database cannot be encrypted with a new encryption key.
If the database is currently encrypted with a boot password,
use the newBootPassword=newPassword attribute to encrypt the
database.
To encrypt a database with a new external encryption key:
Specify the newEncryptionKey=key attribute in a URL and reboot
the database. For example, if you use the following URL to reboot
the salesdb database, the database is encrypted
with the new encryption key 6862636465666768:
jdbc:derby:salesdb;encryptionKey=6162636465666768;newEncryptionKey=6862636465666768
If authentication and SQL authorization are both enabled, the
credentials of the database owner must be supplied as well, since
encryption is a restricted operation.
If you disabled log archival before you applied the new encryption
key, create a new backup of the database after the database is reconfigured
with the new encryption key.
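
The procedure above as a JDBC program. This is an added example, not part of the Derby documentation. It assumes the embedded driver is on the classpath, salesdb is not already booted in this JVM, authentication is enabled, and the environment variable names shown, which are hypothetical.

```java
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

public class RekeySalesDb {
    static final String DB_URL = "jdbc:derby:salesdb";

    // Read a required setting; the variable names used below are assumptions.
    static String env(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) throw new IllegalStateException(name + " is not set");
        return v;
    }

    // Database owner credentials plus any extra connection attributes.
    static Properties attrs(String... kv) {
        Properties p = new Properties();
        p.setProperty("user", env("DERBY_OWNER"));
        p.setProperty("password", env("DERBY_OWNER_PASSWORD"));
        for (int i = 0; i < kv.length; i += 2) p.setProperty(kv[i], kv[i + 1]);
        return p;
    }

    // A successful single-database shutdown is reported as SQLState 08006.
    static void shutdown() throws SQLException {
        try {
            DriverManager.getConnection(DB_URL + ";shutdown=true", attrs());
        } catch (SQLException e) {
            if (!"08006".equals(e.getSQLState())) throw e;
        }
    }

    public static void main(String[] args) throws SQLException {
        // Boot with the current and new keys, passed as Properties rather than in the URL.
        DriverManager.getConnection(DB_URL, attrs("encryptionKey", env("DERBY_OLD_KEY"),
                "newEncryptionKey", env("DERBY_NEW_KEY"))).close();
        shutdown();
        // Reboot with only the new key to confirm it works, then take the fresh backup.
        try (Connection c = DriverManager.getConnection(DB_URL,
                     attrs("encryptionKey", env("DERBY_NEW_KEY")));
             CallableStatement cs = c.prepareCall("CALL SYSCS_UTIL.SYSCS_BACKUP_DATABASE(?)")) {
            cs.setString(1, env("DERBY_BACKUP_DIR"));
            cs.execute();
        }
        shutdown();
    }
}
```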