Locating the keystore for a Db2 database

You can use a database manager configuration parameter to locate the encryption keystore for a Db2® database on Cloud Pak for Data.

About this task

The keystore is used for Db2 native encryption for data at rest. You might need to know the keystore location if you are performing a backup of the database with the intention of restoring it on a different deployment. You can also back up the keystore separately and not necessarily as part of a restore operation.

Procedure

  1. Exec into the Db2 pod.
  2. Become the Db2 instance owner: 
    su - ${DB2INSTANCE}
  3. Find the KEYSTORE_LOCATION database manager configuration parameter: 
    db2 get dbm cfg | grep KEYSTORE_LOCATION

    The command returns a value that is similar to the following example:

    Keystore location   (KEYSTORE_LOCATION) = /mnt/blumeta0/db2/keystore/keystore.p12