Securing MarkLogic Server

Database Encryption Options

You can configure encryption for each database on the Database Configuration page in the Admin Interface. Encryption at rest can be separately enabled per database, or at the cluster level by setting the database encryption to default to the cluster encryption settings. The encryption options for databases are shown in this table:

| Encryption | Encryption Option: Default-Cluster | Encryption Option: On | Encryption Option: Off |
| --- | --- | --- | --- |
| Database encryption | encryption defaults to cluster setting | encryption enabled for database | encryption off, unless cluster encryption is set to force encryption |

With encryption enabled, files are encrypted as they are ingested into the database, or when those files are written back to disk. If you want to encrypt existing data in a database, either reindex the database or force a merge on the database. This will take a few minutes, depending on the size of the database. See Cluster Encryption Options.

Note

Large binary files are only encrypted during initial ingestion into the database. If you want to encrypt existing large binary files already loaded into MarkLogic Server prior to turning on encryption, you must reindex the database or force a merge.

  1. To configure database encryption, go to the Admin Interface and click Databases in the left navigation tree.

  2. Click on the database you want to encrypt.

  3. On the Database Configuration page, next to data encryption, select on from the drop-down menu. (The other options are default-cluster and off.)

  4. Click OK when you are done.
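
The following audit sketch is an added example, not MarkLogic code. It resolves the effective encryption state from the database options in the table above and reports databases that end up unencrypted. The cluster values default-on and default-off, the property names database-name and data-encryption, and the sample data are assumptions.

```python
import json

# Cluster values are an assumption taken from MarkLogic's cluster encryption
# options (force, default-on, default-off); this page names only "force".
CLUSTER_VALUES = {"force", "default-on", "default-off"}
DATABASE_VALUES = {"default-cluster", "on", "off"}


def effective_encryption(db_setting, cluster_setting):
    """Return True when new writes to the database are encrypted at rest."""
    if db_setting not in DATABASE_VALUES or cluster_setting not in CLUSTER_VALUES:
        raise ValueError(f"unknown setting: {db_setting!r} / {cluster_setting!r}")
    if cluster_setting == "force":      # overrides a database set to "off"
        return True
    if db_setting == "on":
        return True
    if db_setting == "off":
        return False
    return cluster_setting == "default-on"   # default-cluster follows the cluster


def audit(cluster_setting, databases):
    """Return (name, db_setting, reason) for each database not encrypted."""
    findings = []
    for db in databases:
        name = db.get("database-name", "<unnamed>")
        setting = db.get("data-encryption")
        try:
            encrypted = effective_encryption(setting, cluster_setting)
            reason = f"effective state is off (cluster: {cluster_setting})"
        except ValueError as exc:
            encrypted, reason = False, str(exc)   # fail closed on bad input
        if not encrypted:
            findings.append((name, setting, reason))
    return findings


# Constructed sample input, shaped like per-database property documents.
SAMPLE = json.loads("""[
  {"database-name": "Documents", "data-encryption": "default-cluster"},
  {"database-name": "Orders",    "data-encryption": "on"},
  {"database-name": "Scratch",   "data-encryption": "off"},
  {"database-name": "Legacy"}
]""")

if __name__ == "__main__":
    for cluster in ("default-off", "force"):
        print(cluster, audit(cluster, SAMPLE))
```

A database that passes this check encrypts files as they are written; data stored before encryption was turned on stays unencrypted until the database is reindexed or a merge is forced.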