Encrypting databases with a new external encryption key
You can apply a new external encryption key to a Derby database
by specifying the newEncryptionKey attribute on the connection URL
when you boot the database.
If the database is configured with log archival for roll-forward recovery,
you must disable log archival and perform a shutdown before you can encrypt
the database with a new external encryption key.
If there are any global transaction that are in the prepared state after
recovery, the database cannot be encrypted with a new encryption key.
If the database is currently encrypted with a boot password , you should
use the newBootPassword attribute
to encrypt the database.
To encrypt a database with a new external encryption key:
Specify the newEncryptionKey attribute in a URL and reboot
the database. For example, when the following URL is used when
the salesdb database is rebooted, the database is encrypted
with the new encryption key 6862636465666768: