Manage the OpenEdge Database

PROUTIL EPOLICY MANAGE qualifier

Save PDF

Table of Contents

PROUTIL EPOLICY MANAGE qualifier

Save PDF

Last Updated: June 11, 2025
2 minute read

OpenEdge
Version 12.2
Documentation

PROUTIL EPOLICY MANAGE qualifier

Manages the encryption policies for the specified database object, or the autostart or keystore status.

Syntax

`proutil db-name -C epolicy manage [object-type {encrypt \|cipher \|rekey\|update} object-name ] \|[keystore {reconstruct \|rebind \|userphrase \|adminphrase}] \|[autostart { admin\|user \|disable}] [[-userid userid][-password password][-Passphrase][-silent]]`

proutil db-name -C epolicy manage 
      [object-type {encrypt |cipher |rekey|update} object-name ]
     |[keystore {reconstruct |rebind |userphrase |adminphrase}]
     |[autostart { admin|user |disable}] 
      [[-userid userid][-password password][-Passphrase][-silent]]

Parameters

db-name

Name of the database.

object-type

Specifies the type of database object being managed. Valid object types are: area, index, lob, and table.

encrypt

Specifies that the action on the object is to encrypt the blocks.

cipher

Specifies that the action on the object is to change the cipher. You must have previously encrypted the object.

rekey

Specifies that the action on the object is to change the cipher key. You must have previously encrypted the object.

update

Specifies that the action on the object is to update all the blocks of the object. Update scans all the blocks in an object and updates the blocks to the current encryption policy.

object-name

Specifies the name of the object identified by object-type. For the object-type area, the object type must specify a Type I area. For all other object-type values, the specific object must reside in a Type II area.

keystore reconstruct

Specifies regeneration of the database keystore. You are prompted for the database master key passphrase.

You can only reconstruct database master keys generated using a PBE cipher, that is cipher DBS_CBC_PBE for keystores created in Release 12.1 and lower, and cipher AES128_CBC_PBE or cipher AES256_CBC_PBE for Releases 12.2 and higher.

keystore rebind

Specifies to rebind a new database guid with database master policy after executing PROCOPY -newinstance. You are always prompted for the keystore admin passphrase when running this command.

keystore userphrase

Specifies to change the keystore user passphrase. You must make an OS backup of the keystore file before you run this command. The command prompts you for the user passphrase, and to confirm backup. (You may use the -silent parameter to suppress the prompt about OS backup.) A blank passphrase is acceptable. The database must be in single-user mode to run this command.

keystore adminphrase

Specifies to change the keystore admin passphrase. You must make an OS backup of the keystore file before you run this command. The command prompts you for the admin passphrase, and to confirm backup. (You may use the -silent parameter to suppress the prompt about OS backup.) A blank passphrase is not acceptable. The database must be in single-user mode to run this command.

autostart user

Specifies that the database can be started in unattended mode with the keystore user account.

autostart admin

Specifies that the database can be started in unattended mode with the keystore admin account.

autostart disable

Specifies that the database cannot be started in unattended mode.

-userid userid -password password

Specifies the userid and password of an authenticated database administrator.

-Passphrase

Specifies that the user must be prompted for the keystore administrator passphrase to authenticate the key store before running this command.

-silent

Suppresses the message that asks if you backed up the existing keystore.

Notes

Operations on areas must be performed while the database is offline.
For details on Transparent Data Encryption, see Transparent Data Encryption and OpenEdge Getting Started: Core Business Services - Security and Auditing.