Encrypting Columns in Existing Tables

To encrypt columns in existing tables, use the modify column option on the alter table statement with the encrypt clause.

The syntax is:
alter table table_name modify column_name
	[encrypt [with [[database.][owner].]keyname]]

where keyname identifies a key created using create encryption key. The creator of the table must have select permission on keyname. If keyname is not supplied, SAP ASE looks for a default key created using the as default clause on the create encryption key.

See the Reference Manual: Commands.

There are restrictions for modifying encrypted columns:
  • You cannot modify a column for encryption or decryption on which you have created a trigger. You must:

    1. Drop the trigger.

    2. Encrypt or decrypt the column.

    3. Re-create the trigger.

  • You cannot change an existing encrypted column, modify a column for encryption or decryption on a table, or modify the type of an encrypted column if that column is a key in a clustered or placement index. You must:

    1. Drop the index.

    2. Alter the table/modify the type of column.

    3. Re-create the index.

You can alter the encryption property on a column at the same time you alter other attributes. You can also add an encrypted column using alter table.

For example:
alter table customer modify custid null encrypt with cc_key 
alter table customer add address varchar(50) encrypt with cc_key
Parent topic: Column Encryption