The create subcommand provides a mechanism for creating a new encryption-settings definition.
To create an encryption-settings definition:
To specify the definition, use the encryption-settings tool with
This subcommand takes the following arguments.
The create subcommand accepted arguments Argument Description
Specifies the base cipher algorithm to use. Make sure the
<algorithm>input is the name of the algorithm, such as AES, DES, DESede, Blowfish, RC4.
Specifies the full cipher transformation to use including the cipher mode and padding algorithms, such as AES/CBC/ PKCS5Padding.
If you do not provide this argument, the JVM-default transformation is used for the specified cipher algorithm.
Specifies the length of the encryption key in bits, such as 128.
Indicates that the new encryption-settings definition is made the preferred definition and used for subsequent encryption operations in the server.
By default, the first definition you create in the encryption-settings database is the preferred definition.
$ bin/encryption-settings create --cipher-algorithm AES \ --key-length-bits 128 --set-preferred
Successfully created a new encryption settings definition with ID F635E109A8549651025D01D9A6A90F7C9017C66D