--- title: Freezing the encryption settings database description: You can freeze the encryption settings database with a specified passphrase. While it is frozen, the database operates in read-only mode. component: pingdirectory version: 11.0 page_id: pingdirectory:pingdirectory_security_guide:pd_ds_freezing_encryption_settings_database canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_security_guide/pd_ds_freezing_encryption_settings_database.html revdate: July 4, 2024 section_ids: about-this-task: About this task steps: Steps example: Example: example-2: Example: example-3: Example: --- # Freezing the encryption settings database You can freeze the encryption settings database with a specified passphrase. While it is frozen, the database operates in read-only mode. ## About this task If the encryption settings database is frozen, the server can use the database for data encryption processing but will not allow any of the following: * Creating new encryption settings definitions * Importing encryption settings definitions from an exported set * Removing encryption settings definitions * Specifying which definition is preferred for new encryption operations * Adding or removing data encryption restrictions To make changes to a frozen database, you must unfreeze it by providing the passphrase originally used to freeze it. ## Steps * To freeze the encryption settings database, use the `encryption-settings freeze` command. This command supports the `--passphrase-file ` argument, which specifies the path to a file containing the passphrase to use for freezing the encryption settings database. If the argument is not provided, the `encryption-settings freeze` command prompts the user for the passphrase. ### Example: ```shell $ bin/encryption-settings freeze Enter the passphrase to use to freeze the encryption settings database: Confirm the freeze passphrase: Successfully froze the encryption settings database. ``` * To unfreeze the encryption settings database, use the `encryption-settings unfreeze` command and provide the passphrase originally used to freeze the database. This command supports the `--passphrase-file ` argument, which specifies the path to a file containing the passphrase to use for unfreezing the encryption settings database. If this argument is not provided, the `encryption-settings unfreeze` command prompts the user for the passphrase. ### Example: ```shell $ bin/encryption-settings unfreeze Enter the passphrase used to freeze the encryption settings database: Successfully unfroze the encryption settings database. ``` * To determine whether the encryption settings database is currently frozen, use the `encryption-settings is-frozen` command. This command does not require any arguments. ### Example: ```shell $ bin/encryption-settings is-frozen The encryption settings database was frozen at Mon Mar 06 22:42:10 UTC 2023. ```