encrlib - Encryption library configuration parameter
The encrlib configuration parameter enables automatic encryption of backups. The default value for the encrlib configuration parameter on a non-encrypted database is set to NULL, meaning that backups are not automatically encrypted. Use the encrlib parameter to specify the full absolute path to the encryption library which plugs in to the Db2® compression API, such as IBM® InfoSphere® Guardium® Data Encryption.
- Configuration type
- Database
- Parameter type
- Configurable online (requires a database connection)
- Propagation class
- Immediate
- Default [range]
- NULL [<path-to-encryption-library>]
The default value for the encrlib configuration parameter on a non-encrypted database is set to NULL, meaning that backups are not automatically encrypted. To have your backups encrypted, either specify the ENCRYPT option with the BACKUP DATABASE command (to have that specific backup encrypted), or have encrlib set to a non-NULL value (to have all backups automatically encrypted). This enforced encryption does not apply to snapshot backups, which are not encrypted. When the encrlib configuration parameter is set, you cannot specify any compression options with your backup operations, and the only valid encryption option that you can specify is EXCLUDE. The default value for the encrlib configuration parameter on an encrypted database is set to libdb2encr.so on Linux, libdb2encr.a on AIX, or db2encr.dll on Windows, meaning that backups will be automatically encrypted.
Only a user with SECADM authorization can change the setting of the encrlib configuration parameter.
The path used for the library should be a full absolute path. Relative paths are interpreted
relative to the current working directory of the Db2 server. The path is
interpreted while it is being set to resolve all symbolic links and relative path references such as
... This fully-expanded path is stored in the database configuration.