PingDirectory

Setting the preferred encryption settings definition

To choose a different definition to be the one that is preferred for new encryption operations, use the encryption-settings set-preferred command.

This command supports the following arguments.

Argument Description

--id

A required argument that specifies the ID of the encryption settings definition that should become the new preferred definition.

The following is an example of the command with one of the arguments included.

$ bin/encryption-settings set-preferred \
     --id CA8A76C13DD5CC3F85A437119D9DC0867396910F64E228962A30FF80B36C3B63
Encryption settings definition
CA8A76C13DD5CC3F85A437119D9DC0867396910F64E228962A30FF80B36C3B63 was successfully set
as the preferred definition for subsequent encryption operations.

When creating a new definition that is used across multiple instances, you might want to omit the --set-preferred argument when running encryption-settings create. Instead, you should ensure that the definition is created across all instances first, and then use encryption-settings set-preferred to make it the new preferred definition. This helps avoid the chance that an instance that has not yet been updated with the new definition encounters an error when trying to decrypt data from another instance that is already using that definition.