To create an encryption-settings definition:

  • To specify the definition, use the encryption-settings tool with the create subcommand.

    This subcommand takes the following arguments.

    The create subcommand accepted arguments
    Argument Description

    --cipher-algorithm <algorithm> (required)

    Specifies the base cipher algorithm to use. Make sure the <algorithm> input is the name of the algorithm, such as AES, DES, DESede, Blowfish, RC4.

    --cipher-transformation <transformation> (optional)

    Specifies the full cipher transformation to use including the cipher mode and padding algorithms, such as AES/CBC/ PKCS5Padding.

    If you do not provide this argument, the JVM-default transformation is used for the specified cipher algorithm.

    --key-length-bits <length> (required)

    Specifies the length of the encryption key in bits, such as 128.


    Indicates that the new encryption-settings definition is made the preferred definition and used for subsequent encryption operations in the server.

    By default, the first definition you create in the encryption-settings database is the preferred definition.

    $ bin/encryption-settings create --cipher-algorithm AES \
      --key-length-bits 128 --set-preferred
    Successfully created a new encryption settings definition with ID