keystore_type - Keystore type configuration parameter

This parameter specifies the type of keystore that is used to store encryption keys or remote storage account credentials.

Configuration type
Database manager
Applies to
  • Database server with local and remote clients
  • Database server with local clients
  • Partitioned database server with local and remote clients
Parameter type
Configurable online
Propagation class
Immediate
Default [range]
NONE [NONE, PKCS12, KMIP, PKCS11]
Valid values for this parameter are:
NONE
There is no keystore defined for this instance, and no databases under this instance are encrypted.
PKCS12
Specifies to use a local keystore provided by IBM® Global Security Kit (GSKit). The value of the keystore_location database manager configuration parameter is used to configure the location of the keystore.

You cannot set keystore_type to PKCS12 unless the keystore_location database manager configuration parameter is set to a non-NULL file name.

Key Management Interoperability Protocol (KMIP)
Specifies to use a centralized keystore provided by a key manager that supports the Key Management Interoperability Protocol (KMIP) 1.1. The keystore_location configuration parameter is used to configure the absolute path of a centralized KMIP keystore configuration file.

You cannot set keystore_type to KMIP unless keystore_location is set to an absolute path of a centralized KMIP keystore configuration file.

PKCS11
Specifies to use a centralized keystore provided by a key manager that supports PKCS #11. The keystore_location configuration parameter is used to configure the absolute path of a centralized PKCS #11 keystore configuration file.

You cannot set keystore_type to PKCS11 unless keystore_location is set to an absolute path of a centralized PKCS #11 keystore configuration file.