The encryption-settings tool with the delete
subcommand provides a mechanism for deleting an encryption-settings definition.
If data in the server is encrypted using the settings contained in that definition,
never delete an encryption-settings definition. Any data encrypted with a definition
that has been removed from the database is inaccessible to the server and causes errors
for any attempt to access it. This includes the replicationChanges
and
Changelog Databases in which the re-encode-entries tool does not
re-encode with the new encryption-settings definition. Before removing previous
encryption-settings definitions, wait for the amount of time defined in the
replication-purge-delay of the Replication Server and
changelog-maximum-age of the Changelog Backend, if enabled. To
safely delete a compromised encryption-settings definition, see Dealing with a Compromised
Encryption Key.
To stop using a definition for encryption and use a different definition, make sure that the desired definition exists in the encryption-settings database and set it as the preferred definition. As long as the encryption key is not compromised, there is no harm in having old encryption-settings definitions available to the server. Retain the old encryption-settings definitions in case they are referenced by something.
The preferred encryption-settings definition cannot be deleted unless it is the only one left. To delete the currently-preferred definition when one or more other definitions are available, make one of the other definitions preferred as described in the previous section.
To delete an encryption-settings definition: