PingDirectory

Removing encryption settings definitions

To remove an encryption settings definition, use the encryption-settings delete command.

This command takes the following arguments.

Argument Description

--id

A required argument that indicates which encryption settings definition should be removed.

--no-prompt

An optional argument that indicates that the specified definition should be removed without prompting for confirmation.

The following is an example of the command with one of the arguments included.

$ bin/encryption-settings delete \
     --id 494DCE52DE58D0A44E56B9E80FC62B257870F2FC7CEEDCA150F4EF51829D7B20
If the encryption definition is being used to encrypt existing objects in the system,
then those objects will no longer be able to be decrypted. In certain cases, the
server may not be able to be restarted until those objects are deleted. Are you sure
about deleting it (yes/no)?  yes
Successfully deleted encryption settings definition
494DCE52DE58D0A44E56B9E80FC62B257870F2FC7CEEDCA150F4EF51829D7B20.

Before you delete an encryption settings definition, you should make sure that it is not still in use. If you remove an encryption settings definition that is still in use within the database, then any data encrypted with that key becomes inaccessible and operations that attempt to access it fail. See Re-encrypting data in the database for more information about this.

Also note that the tool will not allow you to remove the preferred encryption settings definition. If you want to remove the preferred definition, then you must make another definition the preferred definition. See the Setting the preferred encryption settings definition for more information.