DB2 10.5 for Linux, UNIX, and Windows

encrlib - Encryption library configuration parameter

The encrlib configuration parameter enables automatic encryption of backups. Use the encrlib parameter to specify the full absolute path to the encryption library which plugs in to the DB2® compression API, such as IBM® InfoSphere® Guardium® Data Encryption.

Configuration type: Database
Parameter type: Configurable online (requires a database connection)
Propagation class: Immediate
Default [range]: NULL [<path-to-encryption-library>]

By default, the encrlib configuration parameter is set to NULL, meaning that backups are not automatically encrypted. To have your backups encrypted, either specify the ENCRYPT option with the BACKUP DATABASE command (to have that specific backup encrypted), or have encrlib set to a non-NULL value (to have all backups automatically encrypted). This enforced encryption does not apply to snapshot backups, which are not encrypted. When the encrlib configuration parameter is set, you cannot specify any compression options with your backup operations, and the only valid encryption option that you can specify is EXCLUDE.

Only a user with SECADM authorization can change the setting of the encrlib configuration parameter.

The path used for the library should be a full absolute path. Relative paths are interpreted relative to the current working directory of the DB2 server. The path is interpreted while it is being set to resolve all symbolic links and relative path references such as ... This fully-expanded path is stored in the database configuration.