Never delete an encryption-settings definition while any data in the server is still encrypted with it. Data encrypted with a definition that has been removed from the encryption-settings database is inaccessible to the server, and every attempt to access it fails with an error. This includes the replicationChanges and Changelog databases, whose contents the re-encode-entries tool does not re-encode with the new encryption-settings definition. Before removing a previous definition, wait at least the time configured in the replication-purge-delay property of the Replication Server and, if the Changelog Backend is enabled, its changelog-maximum-age property, so that records encrypted with the old definition have been purged. To safely delete a compromised encryption-settings definition, see Dealing with a Compromised Encryption Key.

To stop using a definition for new encryption and use a different one, make sure that the desired definition exists in the encryption-settings database, then set it as the preferred definition. As long as its encryption key has not been compromised, there is no harm in leaving old encryption-settings definitions available to the server. Retain old definitions, because data encrypted with them may still exist and be referenced.


The preferred encryption-settings definition cannot be deleted unless it is the only one left. To delete the currently-preferred definition when one or more other definitions are available, make one of the other definitions preferred as described in the previous section.

To delete an encryption-settings definition:

  • To delete an encryption-settings definition, use the encryption-settings command with the delete subcommand. Include the --id argument to specify the definition to delete.

    The delete subcommand accepts the following argument:

    Argument                 Description
    --id <id> (required)     Specifies the ID of the encryption-settings definition to delete.

    $ bin/encryption-settings delete --id F635E109A8549651025D01D9A6A90F7C9017C66D
    Successfully deleted encryption settings definition
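The following script is an added example, not part of the original page or of the PingDirectory tools. It encodes the deletion rules above (a definition must exist, and the preferred definition may only be deleted when it is the only one left) as a pre-flight check that an operator can run before issuing the delete subcommand. The listing it parses is constructed and only loosely modelled on what the encryption-settings tool prints; the field names "Encryption Settings Definition ID" and "Preferred for New Encryption", and the list and set-preferred subcommands mentioned in the comments, are assumptions to be adapted to the real tool's output.

```shell
#!/bin/sh
# Added example (not PingDirectory's own code): pre-flight check before
# "bin/encryption-settings delete --id <id>".
#
# Rules implemented, from the documentation above:
#   1. the ID must refer to an existing definition;
#   2. the preferred definition may only be deleted if no other definition
#      remains; otherwise another definition must be made preferred first.

# Constructed sample listing (NOT real tool output). Field names are assumed.
# For a live check, replace this with e.g.:  LISTING=$(bin/encryption-settings list)
SAMPLE_LIST='Encryption Settings Definition ID: F635E109A8549651025D01D9A6A90F7C9017C66D
Preferred for New Encryption: false
Cipher Transformation: AES/CBC/PKCS5Padding

Encryption Settings Definition ID: 1B2C3D4E5F60718293A4B5C6D7E8F9A0B1C2D3E4
Preferred for New Encryption: true
Cipher Transformation: AES/CBC/PKCS5Padding
'

# count_definitions LISTING -> prints the number of definitions in the listing
count_definitions() {
    printf '%s\n' "$1" | grep -c '^Encryption Settings Definition ID:'
}

# preferred_id LISTING -> prints the ID flagged as preferred (empty if none)
preferred_id() {
    printf '%s\n' "$1" | awk '
        /^Encryption Settings Definition ID:/ { id = $NF }
        /^Preferred for New Encryption: true/ { print id }'
}

# definition_exists ID LISTING -> exit 0 if the ID appears in the listing
definition_exists() {
    printf '%s\n' "$2" | grep -q "^Encryption Settings Definition ID: $1\$"
}

# can_delete ID LISTING -> exit 0 if the delete is permitted by the rules,
# exit 1 (with the reason on stderr) if it must be refused
can_delete() {
    id=$1
    listing=$2
    if ! definition_exists "$id" "$listing"; then
        echo "refused: no encryption-settings definition with ID $id" >&2
        return 1
    fi
    if [ "$(preferred_id "$listing")" = "$id" ] && [ "$(count_definitions "$listing")" -gt 1 ]; then
        echo "refused: $id is the preferred definition and others exist;" \
             "run 'bin/encryption-settings set-preferred --id <other-id>' first (subcommand name assumed)" >&2
        return 1
    fi
    return 0
}

# Demo against the constructed listing: the first ID is not preferred, so
# deleting it is allowed; the second is preferred and another exists, so it
# is refused. Only the delete command is echoed here, never executed.
for id in F635E109A8549651025D01D9A6A90F7C9017C66D 1B2C3D4E5F60718293A4B5C6D7E8F9A0B1C2D3E4; do
    if can_delete "$id" "$SAMPLE_LIST"; then
        echo "ok: would run  bin/encryption-settings delete --id $id"
    fi
done
```

Wire this in front of the real delete by replacing SAMPLE_LIST with the live listing and running the delete command only when can_delete succeeds; the check does not replace the wait for replication-purge-delay and changelog-maximum-age described above, which the script cannot observe.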