Encrypting databases on disk

Derby provides a way for you to encrypt your data on disk.

Typically, database systems encrypt and decrypt data in transport over the network, using industry-standard systems. This approach works well for client/server databases, where the server is assumed to be in a trusted, safe environment, managed by a system administrator. In addition, the recipient of the data is trusted and should be capable of protecting the data. The only risk comes when transporting data over the wire, so data encryption happens during network transport only.

However, Derby databases are platform-independent files that are designed to be easily shared in a number of ways, including transport over the Internet. Recipients of the data might not know how, or might not have the means, to properly protect the data.

This data encryption feature provides the ability to store user data in an encrypted form. The user who boots the database must provide a boot password.

Note: Jar files stored in the database are not encrypted.
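
As an added example (not part of the Derby documentation), the following Java program creates an encrypted embedded database, shuts it down, and shows that a boot attempt without the boot password is refused. It assumes `derby.jar` is on the classpath and an empty working directory; the database name `encDemoDB` and the `DERBY_BOOT_PASSWORD` environment variable are hypothetical.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

public class EncryptedDerbyDemo {
    // Hypothetical database name, for illustration only.
    static final String URL = "jdbc:derby:encDemoDB";

    public static void main(String[] args) throws SQLException {
        // Assumption: the boot password comes from a (hypothetical) environment
        // variable so it never appears in source code or in the URL string.
        String bootPassword = System.getenv("DERBY_BOOT_PASSWORD");
        if (bootPassword == null || bootPassword.length() < 8) {
            throw new IllegalStateException("Set DERBY_BOOT_PASSWORD (8+ characters)");
        }

        // 1. Create the database encrypted from the start. Connection
        //    attributes are passed as Properties instead of in the URL.
        Properties create = new Properties();
        create.setProperty("create", "true");
        create.setProperty("dataEncryption", "true");
        create.setProperty("bootPassword", bootPassword);
        try (Connection c = DriverManager.getConnection(URL, create);
             Statement s = c.createStatement()) {
            s.executeUpdate("CREATE TABLE secrets (id INT PRIMARY KEY, note VARCHAR(64))");
            s.executeUpdate("INSERT INTO secrets VALUES (1, 'stored encrypted on disk')");
        }

        // 2. Shut the database down. Derby signals a clean single-database
        //    shutdown with an SQLException (SQLState 08006).
        try {
            DriverManager.getConnection(URL + ";shutdown=true");
        } catch (SQLException expected) {
            System.out.println("shutdown: " + expected.getSQLState());
        }

        // 3. Try to boot without the boot password: the connection must fail.
        try (Connection c = DriverManager.getConnection(URL)) {
            System.out.println("UNEXPECTED: booted without a boot password");
        } catch (SQLException e) {
            for (SQLException x = e; x != null; x = x.getNextException()) {
                System.out.println("boot refused: " + x.getSQLState() + " " + x.getMessage());
            }
        }
    }
}
```

Once the database has been booted with the correct password, it stays booted for the life of the JVM, so later connections in the same process do not need to supply the password again; shut the database down when protection at rest matters.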