encryptionKey=key attribute

Function

Specifies the external key to use to:
  • Encrypt a new database
  • Configure an existing unencrypted database for encryption
  • Boot an existing encrypted database
Your application must provide the encryption key.

For information about data encryption, see "Encrypting databases on disk" in the Derby Developer's Guide.

Combining with other attributes

When creating a new database, you must combine the encryptionKey=key attribute with the create=true and dataEncryption=true attributes.

When you configure an existing unencrypted database for encryption, the encryptionKey=key attribute must be combined with the dataEncryption=true attribute. For an existing, unencrypted database for which authentication and SQL authorization are both enabled, only the database owner can perform encryption. Please see "Enabling user authentication" and "Setting the SQL standard authorization mode" in the Derby Developer's Guide for more information.

The encryptionKey=key attribute can optionally be combined with the encryptionProvider=providerName, encryptionAlgorithm=algorithm, and/or encryptionKeyLength=length attributes.

Examples

Example of a JDBC URL that creates a new encrypted database:

jdbc:derby:newDB;create=true;dataEncryption=true;
   encryptionKey=6162636465666768
Example of a JDBC URL that configures an existing unencrypted database for encryption: 
jdbc:derby:salesdb;dataEncryption=true;encryptionKey=6162636465666768
Example of a JDBC URL that boots an encrypted database: 
jdbc:derby:encryptedDB;encryptionKey=6162636465666768
Parent topic: Setting attributes for the database connection URL