Encryption Key for Database Backups
MarkLogic 11 now supports using the database encryption key for database backups. In versions prior to MarkLogic 11, encrypted database backups are encrypted using the cluster encryption key. In MarkLogic 11, this can be changed to use the database encryption key or the cluster encryption key. This setting is on a per-database basis, so each database can use its own key when encrypting backups. The default setting in MarkLogic 11 is to use the cluster encryption key.
See the following built-in functions for more details:
Function |
Description |
|---|---|
Sets whether the database key or cluster key will be used for encryption of backups for the given database. This can only be set when an external KMS is configured |
|
Gets whether the database key or cluster key will be used for encryption of backups for the given database |
See Encryption at Rest in Securing MarkLogic Server for more details about the encryption key hierarchy used by MarkLogic.