The ADMIN_ROTATE_MASTER_KEY procedure changes the master key for an encrypted database.
None
Column name | Data type | Description |
---|---|---|
LABEL | VARCHAR(255) | The name of the new master key that protects the database encryption key. |
Rotation of the master key label should be done according to the organization's security policy. This is similar to changing user passwords at a regular interval, which is also enforced by a security policy. Before performing a master key rotation, you must ensure that the specified label is defined at the keystore and mapped to an existing master key.
This procedure does not re-encrypt any of the data stored on disk.
In a partitioned database environment, ensure that all database partitions are active before calling this procedure.
CALL SYSPROC.ADMIN_ROTATE_MASTER_KEY('UserGivenLabel')
Value of output parameters
--------------------------
Parameter Name : LABEL
Parameter Value : UserGivenLabel
Return Status = 0
CALL SYSPROC.ADMIN_ROTATE_MASTER_KEY (NULL)
Value of output parameters
--------------------------
Parameter Name : LABEL
Parameter Value : DB2_SYSGEN_instancename_dbname_timestamp
Return Status = 0