bootPassword=key attribute

The bootPassword=key attribute specifies a boot password (encryption key).

The attribute specifies the key to use to:
  • Encrypt a new database
  • Configure an existing unencrypted database for encryption
  • Boot an existing encrypted database
Specify an alphanumeric string that is at least eight characters long.

For information about data encryption, see "Configuring database encryption" in the Derby Security Guide.

Combining with other attributes

When you create a new database, the bootPassword=key attribute must be combined with the create=true and dataEncryption=true attributes.

When you configure an existing unencrypted database for encryption, the bootPassword=key attribute must be combined with the dataEncryption=true attribute. For an existing, unencrypted database for which authentication and SQL authorization are both enabled, only the database owner can perform encryption. See "Configuring user authentication" and "Configuring user authorization" in the Derby Security Guide for more information.

The bootPassword=key attribute can optionally be combined with the encryptionProvider=providerName, encryptionAlgorithm=algorithm, and/or encryptionKeyLength=length attributes.

Examples

-- create a new, encrypted database
jdbc:derby:newDB;create=true;dataEncryption=true;
    bootPassword=cseveryPlace
-- configure an existing unencrypted database for encryption
jdbc:derby:salesdb;dataEncryption=true;bootPassword=cseveryPlace
-- boot an existing encrypted database
jdbc:derby:encryptedDB;bootPassword=cseveryPlace
-- configure an existing encrypted database for encryption, 
-- specifying the encryption algorithm
jdbc:derby:encryptedDB;dataEncryption=true;bootPassword=cseveryPlace;
    encryptionAlgorithm=DESede/CBC/NoPadding