The database tab allows the users to choose between a local H2 database or a remote H2 database to be used by erwin DT.
If installing with a local database, you’ll be allowed to choose between two options:
Database does not already exist (for a new installation)
Database already exists (for an upgrade from a previous version or when reconfiguring). In this case you can chose between maintain existing data or not.
See Appendix A for H2 remote installation.
For local H2 databases, the H2 database file can optionally be encrypted. By default, no file encryption is used. Futher information on H2 database file encryption can be found at https://www.h2database.com/html/main.html
Supported stores for the encryption key include the erwin Data Transformation properties file, or the Microsoft Azure Key Vault.
When using the Properties File, the only value required is the file encyption key to be used. This key will be stored encypted in the erwinDataTransformation.properties file in the erwin DT install directory.
Azure Key Value
When using the Azure Key Vault, the user must provide the url of the Key Vault to be used, the name of the key to be used, and the credentials of a client that has access to the required key. Note that the credentials will be stored encypted in the erwinDataTransformation.properties file in the erwin DT install directory.
Encrypting Database File
To encrypt a previously unencrypted database file, select the key store and provide the required credentials.
Maintaining Database Encryption
•If the database has previously been encrypted, and the required information can be resolved from the erwinDataTransformation.properties file in the erwin DT install directory, these values will be read into the erwin Data Transformation configuration. However, the user will be blocked from changing or removing the database file encryption without first re-entering the existing credentials.
•If the database file has previously been encrypted but the erwin DT configuration is unaware of the previous encryption settings (e.g. if it has been encypted by a source other than erwin DT, or if the configuration settings have been deleted), then the user should enter the credentials required to read the encrypted file.