ENCRYPTION_KEYLABEL field in macro DSN6SPRM
The ENCRYPTION_KEYLABEL subsystem parameter specifies the name of a ICSF key label to provide to DFSMS when using z/OS DFSMS data set encryption support to define encrypted data sets for the Db2 catalog, directories, and archive logs.
The setting is used to define encrypted data sets for the Db2 catalog, directory objects, user-defined indexes on the catalog, and archive logs only when the Db2 function level is V12R1M502 or higher.
Acceptable values: | blank, or a string of 1-64 bytes |
---|---|
Default: | blank |
Online changeable: | Yes |
Data sharing scope | Group |
DSNZPxxx: | DSN6SPRM ENCRYPTION_KEYLABEL |
Security parameter: | Yes |
- blank
- Db2 does not provide the key label during allocation of the data sets associated with Db2 system objects, including Db2 catalog, directory objects, user-defined indexes on the catalog, and archive logs. The default value is blank.
- string of 1–64 bytes
- A string of 1–64 bytes that identifies a protected data key or Db2 system objects in the ICSF key repository.
A change to this parameter does not take effect until you use the -SET SYSPARM command to bring it online. Even if you start or restart Db2 after changing the value, the change is not honored until you issue the -SET SYSPARM command.
In Db2 data sharing, all members must use the same setting. When changing the setting of ENCRYPTION_KEYLABEL for a data sharing group, make the change on all members before running the -SET SYSPARM command on any member.