Encrypting databases with a new external encryption key

You can apply a new external encryption key to a Derby database by specifying the newEncryptionKey attribute on the connection URL when you boot the database.

To encrypt a database with a new external encryption key:

Specify the newEncryptionKey attribute in a URL and reboot the database. For example, when the following URL is used when the salesdb database is rebooted, the database is encrypted with the new encryption key 6862636465666768:
jdbc:derby:salesdb;encryptionKey=6162636465666768;newEncryptionKey=6862636465666768'

If authentication and SQL authorization are both enabled, the credentials of the database owner must be supplied as well, since encryption is a restricted operation.

If you disabled log archival before you applied the new encryption key, create a new backup of the database after the database is reconfigured with new the encryption key.

Related concepts
Booting an encrypted database
Requirements for Derby encryption
Related tasks
Encrypting databases with a new boot password