The interactive setup process, which is started when setup is run without any arguments, guides you through the process of enabling data encryption, but if you’re using non-interactive setup or manage-profile setup, then data encryption can be enabled by providing one of the following arguments.

Argument Description

--encryptDataWithPassphraseFromFile

Specifies the path to a file that contains the passphrase to use to generate the encryption settings definition that encrypt the data. If you provide the same passphrase when setting up multiple instances of the server, then each generates the same encryption settings definition, and each instance can access data encrypted by the other instances.

--encryptDataWithSettingsImportedFromFile

Specifies the path to a file that contains one or more encryption settings definitions to be imported into the newly created encryption settings database. Use the --encryptionSettingsExportPassphraseFile argument to provide the path to a file containing the passphrase used to encrypt those definitions. If you import the same encryption settings definitions into all servers in the topology, then each instance can access data encrypted by the other instances. See the Exporting encryption settings definitions section for more information on exporting the contents of the encryption settings database.

--encryptDataWithRandomPassphrase

Indicates that the server should enable data encryption with an encryption settings definition created from a randomly generated passphrase. If you use this option to set up multiple instances, then they will not have the same encryption settings definitions, and data encrypted by one instance is not accessible on other instances unless the encryption settings definitions are synchronized across all of those instances.