keystore_type - Keystore type configuration parameter
This parameter specifies the type of keystore that is used to store encryption keys or remote storage account credentials.
- Configuration type
- Database manager
- Applies to
-
- Database server with local and remote clients
- Database server with local clients
- Partitioned database server with local and remote clients
- Parameter type
- Configurable online
- Propagation class
- Immediate
- Default [range]
- NONE [NONE, PKCS12, KMIP, PKCS11]
Valid values for this parameter are:
- NONE
- There is no keystore defined for this instance, and no databases under this instance are encrypted.
- PKCS12
- Specifies to use a local keystore provided by IBM® Global Security Kit (GSKit). The value of the keystore_location database
manager configuration parameter is used to configure the location
of the keystore.
You cannot set keystore_type to PKCS12 unless the keystore_location database manager configuration parameter is set to a non-NULL file name.
- Key Management Interoperability Protocol (KMIP)
- Specifies to use a centralized keystore provided by a key manager that supports the Key
Management Interoperability Protocol (KMIP) 1.1. The keystore_location
configuration parameter is used to configure the absolute path of a centralized KMIP keystore
configuration file.
You cannot set keystore_type to
KMIP
unless keystore_location is set to an absolute path of a centralized KMIP keystore configuration file. - PKCS11
- Specifies to use a centralized keystore provided by a key manager that supports PKCS #11. The
keystore_location configuration parameter is used to configure the absolute
path of a centralized PKCS #11 keystore configuration file.
You cannot set keystore_type to
PKCS11
unless keystore_location is set to an absolute path of a centralized PKCS #11 keystore configuration file.