Booting an encrypted database

Once you have created an encrypted database, you must supply the boot password to reboot it. Encrypted databases cannot be booted automatically along with all other system databases on system startup (see "derby.system.bootAll" in Tuning Derby). Instead, you boot encrypted databases when you first connect to them.

For example, to access an encrypted database called wombat, created with the boot password clo760uds2caPe, you would use the following connection URL:

jdbc:derby:wombat;bootPassword=clo760uds2caPe

Once the database is booted, all connections can access the database without the boot password. Only a connection that boots the database requires the key.

For example, the following connections would boot the database and thus require the boot password:

The first connection to the database in the JVM session
The first connection to the database after the database has been explicitly shut down
The first connection to the database after the system has been shut down and then rebooted

Note: The boot password is not meant to prevent unauthorized connections to the database once it has been booted. To protect a database once it has been booted, turn on user authentication (see Working with user authentication).