Encrypting databases with a new external encryption key

You can apply a new external encryption key to a Derby database by specifying the newEncryptionKey attribute on the connection URL when you boot the database.

To encrypt a database with a new external encryption key:

Specify the newEncryptionKey attribute in a URL and reboot the database. For example, when the following URL is used when the salesdb database is rebooted, the database is encrypted with the new encryption key 6862636465666768:
jdbc:derby:salesdb;encryptionKey=6162636465666768;newEncryptionKey=6862636465666768'

If authentication and SQL authorization are both enabled, the credentials of the database owner must be supplied as well, since encryption is a restricted operation.

If you disabled log archival before you applied the new encryption key, create a new backup of the database after the database is reconfigured with the new encryption key. For more information, see the section "Backing up and restoring databases" in the Derby Server and Administration Guide, particularly "Roll-forward recovery".

Related concepts
Booting an encrypted database
Requirements for Derby encryption
Related tasks
Encrypting databases with a new boot password