Deleting an encryption settings definition
To free space in the encryption settings database, you can use the encryption-settings
tool to delete encryption settings definitions.
About this task
You should not remove an encryption settings definition that the server is currently using because it will no longer be possible to access any data encrypted by the removed definition. In some cases, removing a definition used to encrypt live data in the database (which can include local DB backends, the replication database, or the LDAP changelog) prevents the server from starting or accessing content in the backend.
Do not remove encryption settings definitions unless there is reason to believe they are compromised. If you believe a key has been compromised, see Handling compromised encryption settings definitions for details on safely removing that key. |
To delete an encryption settings definition:
Steps
-
Use the
encryption-settings
command with thedelete
subcommand.Make sure to include the
--id
argument to specify the definition.Argument Description --id <id>
(required)Specifies the ID of the encryption settings definition to delete.
Example:
$ bin/encryption-settings delete --id F635E109A8549651025D01D9A6A90F7C9017C66D
Result:
Successfully deleted encryption settings definition F635E109A8549651025D01D9A6A90F7C9017C66D