To free space in the encryption settings database, you can use the encryption-settings tool to delete encryption settings definitions.
You should not remove an encryption settings definition that the server is currently using because it will no longer be possible to access any data encrypted by the removed definition. In some cases, removing a definition used to encrypt live data in the database (which can include local DB backends, the replication database, or the LDAP changelog) prevents the server from starting or accessing content in the backend.
Do not remove encryption settings definitions unless there is reason to believe they are compromised. If you believe a key has been compromised, see Handling compromised encryption settings definitions for details on safely removing that key.
To delete an encryption settings definition: