Skip to main content

Administrating MarkLogic Server

Encrypting Data, Configuration, and Log Files

You can use your Key Management Service (KMS) to encrypt your data, configuration, and log files at the cluster level. By default, all encryption is off.

Note

Adding or changing any encryption information will require you to restart all the hosts in the cluster.

To encrypt data, configuration, or log files, follow these steps:

  1. Access the Edit Keystore Configuration page.

  2. At the top of the page, choose the encryption options you want:

    Field

    Description

    data encryption

    Specifies whether or not encryption is enabled for user data. Choose among 3 options:

    • force: Causes all data in all databases in this cluster to be encrypted--even if a particular databases's data encryption setting is off.

    • default-on: Causes all data in all databases in this cluster to be encrypted--unless a particular database's data encryption setting is off. Then that database's data will not be encrypted.

    • default-off: Causes all data in all databases in this cluster not to be encrypted--unless a particular database's data encryption setting is on. Then that database's data will be encrypted.

    See Encrypt a Database to turn on a database's data encryption setting and Turn off Encryption for a Database to turn it off.

    config encryption

    Specifies whether or not encryption is enabled for configuration files.

    logs encryption

    Specifies whether or not encryption is enabled for log files.

  3. Click ok. Your settings are saved, and the Summary tab for the local cluster appears.

Note

For more about MarkLogic encryption at rest and the internal KMS, see Configuring Encryption at Rest in Securing MarkLogic Server.