ENCRYPTION_KEYLABEL field in macro DSN6SPRM

The ENCRYPTION_KEYLABEL subsystem parameter specifies the name of an ICSF key label to provide to DFSMS when using z/OS® DFSMS data set encryption support to define encrypted data sets for the Db2 catalog, directories, and archive logs.

Acceptable values: blank, or a string of 1-64 bytes
Default: blank
Online changeable: Yes
Data sharing scope: Group
DSNZPxxx: DSN6SPRM ENCRYPTION_KEYLABEL
Security parameter: Yes
blank
Db2 does not provide the key label during allocation of the data sets associated with Db2 system objects, including Db2 catalog, directory objects, user-defined indexes on the catalog, and archive logs. The default value is blank.
string of 1–64 bytes
A string of 1–64 bytes that identifies a protected data key or Db2 system objects in the ICSF key repository. The key must not be an archived key for decryption operations only.

A change to this parameter does not take effect until you use the -SET SYSPARM command to bring it online. Even if you start or restart Db2 after changing the value, the change is not honored until you issue the -SET SYSPARM command.

In Db2 data sharing, all members must use the same setting. When changing the setting of ENCRYPTION_KEYLABEL for a data sharing group, make the change on all members before running the -SET SYSPARM command on any member.