Keystore availability

Access to the keystore is required for Db2® to work with an encrypted database. If the keystore is not available, then the database is not available.

When using a local keystore file, you need to provide an identical copy of the keystore at each Db2 member that is associated with the database. If you choose to use a shared file system, ensure that network access is maintained for that file system while Db2 is actively working with the encrypted database.

Using a centralized keystore means that network communication exists between Db2 and the keystore, and you need to account for potential network failures. With Db2, you can add multiple secondary keystore definitions in the keystore configuration for those products that support this feature. Consult the documentation for your keystore product to understand their recommendations for multiple secondary keystore definitions.