DISK_ENCRYPTION configuration parameter
The DISK_ENCRYPTION configuration parameter controls the encryption of storage spaces.
- onconfig.std value
- Not set. Storage space encryption is disabled.
- values
- See Usage section.
- takes effect
- After you edit your onconfig file and restart the database server.
Usage
Use the DISK_ENCRYPTION configuration parameter to enable storage space encryption, set the name of the encryption file names, and specify the encryption cipher. Any storage spaces that you create after you set the DISK_ENCRYPTION configuration parameter are encrypted by default. Storage spaces that you created before you set the DISK_ENCRYPTION configuration parameter are not automatically encrypted. When storage space encryption is enabled, you can restore a storage space as encrypted or unencrypted, regardless of whether the space was encrypted at the time of the back up.
Field | Value |
---|---|
keystore | The keystore specifies the name of the keystore and stash file names. The
files are created in the ONEDB_HOME/etc directory:
You must manually back up the keystore and password stash files. These files are not backed up when you run a back up with the ON-Bar utility. |
cipher | Specifies the encryption cipher:
|
rollfwd_create_dbs | Specifies whether to encrypt a storage space that is created by the rolling forward of the
logical log during a restore:
By default, storage spaces that are created by the rolling forward of the logical log have the same encryption state as the original storage space. |