Managing data encryption in the global configuration
If data encryption is not enabled during setup, you can enable it at any time by ensuring that the server is configured with an appropriate encryption settings definition and updating the following properties in the global configuration.
| Property | Description |
|---|---|
| | Indicates whether data encryption should be enabled. Once it is enabled, any writes to backends, the replication database, and the LDAP changelog are encrypted, but existing data remains unencrypted. Any unencrypted data in the replication database and LDAP changelog is eventually removed in accordance with their purging configuration, but we recommend exporting backends to LDIF and re-importing them to ensure that all of the data that they contain is encrypted. |
| | The cipher stream provider that should be used to protect the contents of the encryption settings database. See the Configuring cipher stream providers topic for more detail. |
| | Indicates whether any new backups that are created should automatically be encrypted with a key from the encryption settings database. If you want to create a backup that is not encrypted, then you can provide the |
| | The ID of the encryption settings definition that is used when encrypting backups by default. If this is not specified, then the server's preferred encryption settings definition is used. |
| | Indicates whether any new LDIF exports that are created should be automatically encrypted with a key from the encryption settings database. As with the backup tool, the export-ldif tool offers the |
| | The ID of the encryption settings definition that is used when encrypting LDIF exports by default. If this is not specified, then the server's preferred encryption settings definition is used. |
| | Indicates whether the server should automatically compress LDIF exports that are encrypted. |