Skip to main content

Securing MarkLogic Server

Configure Encryption Using XQuery

Instead of using the Admin Interface, you can configure encryption for your MarkLogic Server instance using XQuery.

In Query Console, you can use admin:cluster-set-data-encryption to turn on data encryption for the current database:

xquery version "1.0-ml";
import module namespace admin = "http://marklogic.com/xdmp/admin" 
	  at "/MarkLogic/admin.xqy";

let $config := admin:get-configuration()
return 
  admin:cluster-set-data-encryption($config,"default-on")

For example, to set the encryption for log files at cluster level:

xquery version "1.0-ml"; 
import module namespace admin = "http://marklogic.com/xdmp/admin" 
  at "/MarkLogic/admin.xqy";

let $config := admin:get-configuration()
return 
  admin:cluster-set-logs-encryption($config, "default-on")
	 
(: returns the new configuration element -- use admin:save-configuration 
to save the changes to the configuration or pass the configuration to
other Admin API functions to make other changes.  :)

To see whether encryption is turned on for log files, you can run this XQuery in the Query Console:

xquery version "1.0-ml"; 
import module namespace admin = "http://marklogic.com/xdmp/admin" 
  at "/MarkLogic/admin.xqy";

let $config := admin:get-configuration()
return 
  admin:cluster-get-logs-encryption($config)
=>
on
 (: returns the encryption setting for log files:)
In this section: