To choose a different definition to be the one that is preferred for new encryption operations, use the encryption-settings set-preferred command.
This command supports the following arguments.
Argument | Description |
---|---|
|
A required argument that specifies the ID of the encryption settings definition that should become the new preferred definition. |
The following is an example of the command with one of the arguments included.
$ bin/encryption-settings set-preferred \
--id CA8A76C13DD5CC3F85A437119D9DC0867396910F64E228962A30FF80B36C3B63
Encryption settings definition
CA8A76C13DD5CC3F85A437119D9DC0867396910F64E228962A30FF80B36C3B63 was successfully set
as the preferred definition for subsequent encryption operations.
When creating a new definition that is used across multiple instances, you
might want to omit the --set-preferred
argument when running
encryption-settings create
. Instead, you should ensure that the
definition is created across all instances first, and then use
encryption-settings set-preferred
to make it the new preferred
definition. This helps avoid the chance that an instance that has not yet been updated
with the new definition encounters an error when trying to decrypt data from another
instance that is already using that definition.