Encrypting databases with a new key

Encrypting databases with a new key You can apply a new encryption key to a database by specifying a new boot password or a new external key. encrypting databasesnew key, overview databasesoverview of encrypting, new key

Encrypting a database with a new encryption key is a time consuming process because it involves encrypting all of the existing data in the database with the new encryption key. If the process is interrupted before completion, all the changes are rolled back the next time that the database is booted. If the interruption occurs immediately after the database is encrypted with the new encryption key but before the connection is returned to the application, you might not be able to boot the database with the old encryption key. In these rare circumstances, you should try to boot the database with the new encryption key.

Ensure that you have enough free disk space before you encrypt a database with a new key. In addition to the disk space required for the current size of the database, temporary disk space is required to store the old version of the data to restore the database back to it's original state if the new encryption is interrupted or returns errors. All of the temporary disk space is released back to the operating system after the database is reconfigured to work with the new encryption key.

To encrypt a database with a new encryption key:

Use the type of encryption that is currently used to encrypt the database: To encrypt the database with a new boot password key, use the newBootPassword attribute. To encrypt the database with a new external encryption key, use the newEncryptionKey attribute. If authentication and SQL authorization are both enabled, the credentials of the database owner must be supplied, since reencryption is a restricted operation.