Add Encryption Configuration Settings to MarkLogic Server
To add encryption configuration settings to MarkLogic Server, follow these steps in the MarkLogic Server Admin Interface:
Click Clusters in the left navigation bar.
Click the Keystore tab. The Edit Keystore Configuration page appears:
In kms type, select external.
Click the External KMS tab.
Enter the following information to identify the Azure Key Vault and the required encryption key identifiers, adding the appropriate encryption key ID to each field:
Set host name using DNS Name from the Azure Key Vault (without the beginning https:// and the ending /, and ending with vault.azure.net).
Set port to 443.
Copy the encryption key IDs for the Azure Key Vault into the external data encryption key id, external config encryption key id, and external logs encryption key id fields.
Click OK to configure encryption.
Note
We recommend that you create three separate encryption key IDs (one for data, one for configuration, and one for logs). Give each a descriptive name in order to help distinguish between them.
| Setting | Description |
|---|---|
| host name | The host name of the external Key Vault. |
| port | The external Key Vault client socket port number. |
| external data encryption key id | The identifier of the encryption key from the external KMS that is to be used to encrypt data files. |
| external config encryption key id | The identifier of the encryption key from the external KMS that is to be used to encrypt config files. |
| external logs encryption key id | The identifier of the encryption key from the external KMS that is to be used to encrypt log files. |
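The values for the External KMS tab can be checked before they are typed into the Admin Interface. The following Python sketch is an added example, not part of the MarkLogic documentation or product: it reduces the Key Vault DNS Name to the form the host name field expects and flags empty or reused key IDs. The function names and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

VAULT_SUFFIX = ".vault.azure.net"   # the page: host name ends with vault.azure.net
KEY_FIELDS = (                      # field names as shown on the External KMS tab
    "external data encryption key id",
    "external config encryption key id",
    "external logs encryption key id",
)


def vault_host_name(dns_name):
    """Reduce the Key Vault DNS Name to the form the host name field expects."""
    raw = dns_name.strip()
    # urlsplit only recognises the host part when the string contains "//".
    parts = urlsplit(raw if "//" in raw else "//" + raw)
    if parts.scheme not in ("", "https"):
        raise ValueError(f"unexpected scheme {parts.scheme!r}, expected https")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("DNS Name carries a path; was a key ID pasted instead?")
    if parts.port not in (None, 443):
        raise ValueError("the port goes in its own field and is 443")
    host = (parts.hostname or "").lower()
    if not host.endswith(VAULT_SUFFIX):
        raise ValueError("host name must be <vault-name>" + VAULT_SUFFIX)
    return host


def check_key_ids(key_ids):
    """Return findings for the three key ID fields; an empty list means OK."""
    findings, seen = [], {}
    for field in KEY_FIELDS:
        value = (key_ids.get(field) or "").strip()
        if not value:
            findings.append(f"{field}: empty")
        elif value in seen:
            findings.append(f"{field}: same key as {seen[value]}")
        else:
            seen[value] = field
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real vault.
    print(vault_host_name("https://example-vault.vault.azure.net/"))
    print(check_key_ids({
        KEY_FIELDS[0]: "EXAMPLE-DATA-KEY-ID",
        KEY_FIELDS[1]: "EXAMPLE-CONFIG-KEY-ID",
        KEY_FIELDS[2]: "EXAMPLE-DATA-KEY-ID",
    }))
```

A reused key ID is reported as a finding because the note above recommends three separate keys; it is not rejected as invalid input.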
For more about roles and privileges, see the MarkLogic Server on Microsoft® Azure® Guide.