Apache Derby includes a number of options for encrypting the database. Encrypting the database might be a requirement for many sensitive applications, especially if unauthorized users could access the actual database files. Encryption must be turned on at database creation time. There is no option to encrypt a database after it has been created.
Four options are associated with encryption, and they are specified as part of the connection string:
dataEncryption— Specifies data encryption on disk for a new database. This parameter must be specified, along with the create=true parameter, the bootPassword parameter, and optionally, the encryption provider and algorithm.
bootPassword— Specifies the key to use for encrypting ...