Encrypted backups

With Db2® native encryption, you can encrypt your database, your database backups, or both. Database backups can be encrypted regardless of whether the database itself is encrypted.

You can encrypt individual backups manually, by specifying the ENCRYPT option on the BACKUP DATABASE command. You can also configure Db2 to automatically encrypt backups by setting the encrlib and encropts database manager configuration parameters. By default, when an encrypted database is created, these parameters are set to ensure that backups are automatically encrypted. For more information, refer to Encrypted database backup images.

Important consideration for encrypted backups

When a database backup is encrypted, it is no longer affected by subsequent attempts to reduce its size. Size reduction methods include attempts through compression or data deduplication technologies that are offered on some storage media devices. Encryption removes repetitive patterns from the data that these technologies rely upon. To reduce the size of database backups, compression needs to be applied before encryption. Compression can be done by actively compressing the data in the database itself, or by specifying the libdb2compr_encr.so library on the BACKUP DATABASE command.