Encryption of your data is managed through encryption policies. When you create a policy, you specify what database object (table, index, LOB, or Type I area) will be encrypted and the strength of the encryption cipher for the object. If you do not specify a cipher, the default, AES_CBC_128, is used. Creating a policy does not encrypt your existing data; it indicates that all future writes are encrypted. See Encrypt your existing data for instructions on encrypting your existing data.

Encryption policies are created in several ways. See one of the following sections for more information: