Start of change

ENCRYPTION_KEYLABEL field in macro DSN6SPRM

The ENCRYPTION_KEYLABEL subsystem parameter specifies the name of a ICSF key label to provide to DFSMS when using z/OS DFSMS data set encryption support to define encrypted data sets for the Db2 catalog, directories, and archive logs.

FL 502

The setting is used to define encrypted data sets for the Db2 catalog, directory objects, user-defined indexes on the catalog, and archive logs only when the Db2 function level is V12R1M502 or higher.

Acceptable values: blank, or a string of 1-64 bytes
Default: blank
Online changeable: Yes
Data sharing scope Group
DSNZPxxx: DSN6SPRM ENCRYPTION_KEYLABEL
Security parameter: Yes
blank
Db2 does not provide the key label during allocation of the data sets associated with Db2 system objects, including Db2 catalog, directory objects, user-defined indexes on the catalog, and archive logs. The default value is blank.
string of 1–64 bytes
A string of 1–64 bytes that identifies a protected data key or Db2 system objects in the ICSF key repository.

A change to this parameter does not take effect until you use the -SET SYSPARM command to bring it online. Even if you start or restart Db2 after changing the value, the change is not honored until you issue the -SET SYSPARM command.

In Db2 data sharing, all members must use the same setting. When changing the setting of ENCRYPTION_KEYLABEL for a data sharing group, make the change on all members before running the -SET SYSPARM command on any member.

End of change