A new configuration parameter has been introduced to control whether the transaction log file is encrypted. By default, this parameter is set to OFF (unencrypted), and it can be modified through the Configuration-By-Forms (CBF) utility.

The encryption setting is displayed in the Transaction Log Configuration screens. You can access this option from Transaction Log and then select the Configure option.

You will see two new items: a field displaying the encryption status and a new menu option ToggleEncrypt which allows fyou to switch the encryption status between OFF and ON and vice-versa.

Changing the encryption state from OFF to ON or ON to OFF requires reformatting of the transaction log file. When you select ToggleEncrypt, a warning is displayed.

If you select Yes, the system will proceed to check for any outstanding transactions, as it normally does during log file reformatting. If any transactions are detected, the standard warning message will be displayed.

It is generally recommended not to proceed in this situation. Instead, restart Ingres and allow it to recover any outstanding transactions. If you proceed, it will force a log file reformat, resulting in the loss of those transactions and necessitating recovery from a checkpoint.

This behavior is identical to manually reformatting the log file while the transactions are pending. The difference is instead of directly reformatting the log file, the encryption status has been updated which also requires reformatting of the log file.

When the log file is reformatted and the encryption status has been changed from OFF to ON, the newly created log file will be encrypted. The parameter change is recorded in the CBF change and this is displayed in the ChangeLog menu. A single parameter controls this setting, and it is applicable to both the log files when dual logging is enabled. The parameter can be viewed and modified from either of the Log Configuration screens, the Primary Log or the Dual Log even if the corresponding log file is not currently enabled.

Selecting ToggleEncrypt from the Dual Log screen will trigger a reformat of the Primary log file. As the encryption status is shared across both log files, any change to this setting will cause all enabled logs to be reformatted. If Dual Logging is enabled, both logs will be reformatted. It is generally more common to change the encryption status from the enabled log file configuration screen, but it can be modified from either screen.

If the log file has been deleted, for example, to change its size using the ToggleEncrypt option, it will update the parameter but will not reformat the log file, as no log currently exists. However, the updated encryption status will be applied the next time the log file is created.