The lifetime of an encryption key for data at rest may be shorter than the lifetime of the data it protects. When an encryption key is to be retired but the data it protects must stay (readable and usable), the data must be re-encrypted with a new key. The process is the same as for migrating unencrypted data to encrypted data for the first time.
When new encryption keys are to be established for Adabas container datasets, use the same process as for encrypting the datasets for the first time:
For ASSO and DATA, use one of the methods for migrating to an encrypted database described in the previous section Migrating to an Encrypted Database.
For the other database container datasets (WORK, PLOG, and so on), use the appropriate method described in Encryption of Container Datasets.
Specify new key labels for the new datasets.