---
title: Using the encryption-settings tool
description: The encryption-settings tool provides a mechanism for interacting with the server's encryption settings database.
component: pingdirectory
version: 11.0
page_id: pingdirectory:pingdirectory_server_administration_guide:pd_ds_encryption_settings_tool
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_server_administration_guide/pd_ds_encryption_settings_tool.html
revdate: September 13, 2023
section_ids:
  about-this-task: About this task
  steps: Steps
  example: Example:
  result: Result:
---

# Using the encryption-settings tool

The `encryption-settings` tool provides a mechanism for interacting with the server's encryption settings database.

## About this task

Use the `encryption-settings` tool to:

* List the available encryption settings definitions.

* Create new encryption settings definitions.

* Delete existing encryption settings definitions.

* Indicate which encryption settings definition is the preferred definition.

* Export encryption settings definitions to a file for backup purposes and to allow them to be imported for use in other PingDirectory server instances.

* Enable and disable data encryption restrictions for the server and list active restrictions.

* Freeze or unfreeze the encryption settings database.

* Supply the passphrase for the Wait for Passphrase cipher stream provider to unlock the encryption settings database.

## Steps

* To display the set of available encryption settings definitions, use the `encryption-settings` tool with the `list` subcommand.

  This subcommand does not take any arguments.

  ### Example:

  ```shell
  $ bin/encryption-settings list
  ```

  ### Result:

  For each definition, the result includes:

  * The unique identifier for the definition

  * Whether the definition is the preferred definition

  * The cipher transformation and key length that are used for encryption

    ```
    Encryption Settings Definition ID: 4D86C7922F71BB57B8B5695D2993059A26B8FC01
    Preferred for New Encryption: false
    Cipher Transformation: DESede
    Key Length (bits): 192

    Encryption Settings Definition ID: F635E109A8549651025D01D9A6A90F7C9017C66D
    Preferred for New Encryption: true
    Cipher Transformation: AES
    Key Length (bits): 128
    ```