You can enable database encryption so that the master key passphrase is required on every database use, including starting the database server.
This level can be used when a database with sensitive content is stored on a portable device such as a laptop and you want to prevent any unauthorized access. For maximum benefit, you should stop the database server each time you have finished accessing it, especially before hibernating a laptop or putting it to sleep.
As a Windows‑generated dialog is shown each time the master key is used with strong security, you should run the database server as a desktop application rather than as a service.
With strong security, the master key passphrase is not included as part of the export file data. When you use the ImportMasterKey action, you must enter the export file passphrase and then also enter the master key passphrase twice. It is not possible to force the same master key passphrase to be used.
When you enable database encryption, use a jdbcrypt command with the following syntax.
jdbcrypt path=database-path ini=initialization-file action=EnableDatabaseEncryption AccessCheck=Strong ExportPath=file-path
You can also specify the MultipleExport=true argument for the EnableDatabaseEncryption action, but this allows anyone who knows the master key passphrase to export additional copies of the master key for abuse elsewhere. This is not recommended.