Enabling table encryption in a database (SQL)

Create a database with table encryption by using the CREATE DATABASE statement, or enable table encryption in an existing database by using the CREATE ENCRYPTED TABLE DATABASE statement.

Prerequisites

By default, you must have the SERVER OPERATOR system privilege to execute the CREATE DATABASE statement and the CREATE ENCRYPTED TABLE DATABASE statement. The required privileges can be changed by using the -gu database server option.

Task

Table encryption must be enabled and configured at database creation time. If your database does not have table encryption enabled, or if you have database encryption in effect, using the CREATE ENCRYPTED TABLE DATABASE statement creates a copy of the database with table encryption enabled, and does not overwrite the original database file.

Create a database with table encryption, or enable table encryption on an existing database.
Option: Create a database with table encryption
Action: Create a database with the CREATE DATABASE statement, and specify a key and an encryption algorithm.

Option: Enable table encryption for an existing database
Action: Create a copy of the database with the CREATE ENCRYPTED TABLE DATABASE statement, and specify a key.

Table encryption is enabled.

Next

Create an encrypted table by using the CREATE TABLE statement, or encrypt an existing table by using the ALTER TABLE statement. When you encrypt a table, the key and/or algorithm specified when table encryption was enabled is used.
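
The two options in the task and the follow-on step, written out as statements. This is an added example, not part of the original documentation. The file names, the DBA credentials, the key placeholders, and the PatientNotes and Contacts tables are assumptions, and the key is shown as a placeholder rather than a real value.

```sql
-- Added example. File names, credentials, keys and table names are
-- constructed placeholders, not values from the documentation.

-- Option 1: create a new database with table encryption enabled.
-- Both a key and an encryption algorithm are specified at creation time.
CREATE DATABASE 'new.db'
    DBA USER 'DBA' DBA PASSWORD '<dba-password>'
    ENCRYPTED TABLE
    KEY '<table-encryption-key>'
    ALGORITHM 'AES256';

-- Option 2: enable table encryption for an existing database.
-- This writes a copy (contacts_enc.db) with table encryption enabled;
-- the original contacts.db is not overwritten.
CREATE ENCRYPTED TABLE DATABASE 'contacts_enc.db'
    FROM 'contacts.db'
    KEY '<table-encryption-key>';

-- Next step, run while connected to the table-encryption-enabled database.
-- New table created as encrypted:
CREATE TABLE PatientNotes (
    NoteID     INTEGER PRIMARY KEY,
    PatientID  INTEGER NOT NULL,
    Note       LONG VARCHAR
) ENCRYPTED;

-- Existing table altered to be encrypted:
ALTER TABLE Contacts ENCRYPTED;
```

Because option 2 leaves the original file in place, the source database still holds its tables unencrypted after the copy is made and has to be handled separately. Enabling table encryption does not by itself encrypt any table; only tables created or altered with ENCRYPTED are protected.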