The wish is to start encrypted HA databases without hard-coding encryption keys in the service configurations... the administrato will enter the key when the database is started. According to the Help dbsrv17 -ep "instructs the database server to display a window where the user enters the encryption key for databases started on the command line that require an encryption key" when "The database server isn't a Windows service". So... how does one get that functionality for an HA partner database when dbsrv17 is started as a service? Does one start the service without the database specified on the command line, and then use a custom client that runs START DATABASE ... KEY ... MIRROR ON? asked 13 Jul '19, 08:21 Breck Carter |
If you are starting the server as a service, Windows does not allow the process (i.e. the server in this case) to interact with the desktop user. As a result the -ep switch cannot be used to have the server to prompt the desktop user for the encryption password. You will need to use some other method to start the service (e.g. start the service as a Windows Startup process) OR use some other method to provide the database encryption key (e.g. use an @parms file on the service command line and encrypt the @parms file using dbfhide -w or dbfhide -wm - see docs for more info). answered 13 Jul '19, 19:48 Mark Culp |
Isn't running a service and supplying start parameters via hand somewhat contradictory?
As to the background, see that older FAQ