Encryption at Rest
Encryption at rest protects your data on media - which is “data at rest” as opposed to data moving across a communications channel, otherwise known as “data in motion.” Increasing security risks and compliance requirements sometimes mandate the use of encryption at rest to prevent unauthorized access to data on disk.
Note
To use encryption at rest with an external key management system (KMS), an Advanced Security License key that includes this feature is required. For details on purchasing a license key for the Advanced Security features, contact your MarkLogic Server sales representative. See Licensing for more information.
Encryption at rest can be configured to encrypt data, log files, and configuration files separately. Encryption is only applied to newly created files once encryption at rest is enabled and does not apply to existing files without further action by the user. For existing data, a merge or re-index will trigger encryption of data, a configuration change will trigger encryption of configuration files, and log rotation will initiate log encryption.