Administrating MarkLogic Server

Encrypting Data, Configuration, and Log Files

You can use your Key Management Service (KMS) to encrypt your data, configuration, and log files at the cluster level. By default, all encryption is off.

Note

Adding or changing any encryption information will require you to restart all the hosts in the cluster.

To encrypt data, configuration, or log files, follow these steps:

  1. Access the Keystore page.

  2. At the top of the page, choose the encryption options you want:

    Field: Description

    Data Encryption: Specifies whether or not encryption is enabled for user data. Choose among 3 options:

    • force: Causes all data in all databases in this cluster to be encrypted, even if a particular database's Data Encryption setting is off.

    • default-on: Causes all data in all databases in this cluster to be encrypted, unless a particular database's Data Encryption setting is off. Then that database's data will not be encrypted.

    • default-off: Causes all data in all databases in this cluster not to be encrypted, unless a particular database's Data Encryption setting is on. Then that database's data will be encrypted.

    See Encrypt a Database to turn on a database's Data Encryption setting and Turn off Encryption for a Database to turn it off.

    Config Encryption: Specifies whether or not encryption is enabled for configuration files.

    Logs Encryption: Specifies whether or not encryption is enabled for log files.

    Audit Log Encryption [v11.1.0 and up]: Specifies whether or not encryption is enabled for the audit log file even when Logs Encryption is disabled. (If Logs Encryption is enabled, the audit log file is encrypted regardless of this setting.)

  3. Click OK. Your settings are saved, and the Summary tab for the local cluster appears.
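The precedence rules in step 2 can be checked before you commit a change. The following is an added example, not MarkLogic code: it models how the cluster options combine with each database's Data Encryption setting and lists what a planned configuration would leave unencrypted. The dictionary layout, the function names, and the use of `None` for a database with no explicit setting are assumptions of this example.

```python
# Added example: models the option precedence described in step 2.
# The inventory layout and names below are constructed for illustration.
CLUSTER_MODES = ("force", "default-on", "default-off")
DB_SETTINGS = ("on", "off", None)  # assumption: None = no explicit setting


def data_encrypted(cluster_mode, db_setting):
    """Return True if a database's data ends up encrypted at rest."""
    if cluster_mode not in CLUSTER_MODES:
        raise ValueError(f"unknown cluster mode: {cluster_mode!r}")
    if db_setting not in DB_SETTINGS:
        raise ValueError(f"unknown database setting: {db_setting!r}")
    if cluster_mode == "force":
        return True                 # a per-database "off" is overridden
    if cluster_mode == "default-on":
        return db_setting != "off"  # only an explicit "off" opts out
    return db_setting == "on"       # default-off: only explicit "on" opts in


def audit_log_encrypted(logs_encryption, audit_log_encryption):
    """Logs Encryption covers the audit log; otherwise its own flag decides."""
    return logs_encryption or audit_log_encryption


def unencrypted_at_rest(cluster):
    """List everything the given settings would leave in clear text."""
    findings = [
        f"database:{name}"
        for name, setting in sorted(cluster["databases"].items())
        if not data_encrypted(cluster["data_encryption"], setting)
    ]
    if not cluster["config_encryption"]:
        findings.append("config-files")
    if not cluster["logs_encryption"]:
        findings.append("log-files")
    if not audit_log_encrypted(cluster["logs_encryption"],
                               cluster["audit_log_encryption"]):
        findings.append("audit-log")
    return findings


# Constructed sample: planned Keystore page settings plus per-database values.
SAMPLE = {
    "data_encryption": "default-on",
    "config_encryption": False,
    "logs_encryption": False,
    "audit_log_encryption": True,
    "databases": {"Documents": None, "Staging": "off", "Finance": "on"},
}

if __name__ == "__main__":
    for item in unencrypted_at_rest(SAMPLE):
        print("NOT ENCRYPTED:", item)
```

With the sample settings, the Staging database opts out under default-on, and configuration and general log files stay in clear text while the audit log is still encrypted.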

Note

For more about MarkLogic encryption at rest and the internal KMS, see Configuring Encryption at Rest in Securing MarkLogic Server.