When an encryption settings definition is compromised, all data encrypted with that definition is vulnerable and you must stop using the definition immediately.
You must re-encrypt any data that was encrypted with the compromised definition using a new definition, or purge that data from the server. To minimize the risk of data exposure, act quickly on all servers using this definition, but work on one server at a time to avoid environment-wide downtime.
Before removing the compromised encryption settings definition, you should run the encrypt-file --find-encrypted-files command to search for encrypted files on the server. If any files are encrypted with a key tied to the compromised encryption settings definition, those files will no longer be accessible after you remove the definition, potentially preventing the server from starting or from functioning properly. If any encrypted files are found, run encrypt-file --re-encrypt to re-encrypt the files with a different definition before removing the compromised definition.
If you have a compromised encryption settings definition: