To free space in the encryption settings database, you can use the encryption-settings tool to delete encryption settings definitions.
You should not remove an encryption settings definition that the server is currently using because it will no longer be possible to access any data encrypted by the removed definition. In some cases, removing a definition used to encrypt live data in the database (which can include local DB backends, the replication database, or the LDAP changelog) prevents the server from starting or accessing content in the backend.
Do not remove encryption settings definitions unless there is reason to believe they are compromised. If you believe a key has been compromised, see Handling compromised encryption settings definitions for details on safely removing that key.
To delete an encryption settings definition:
Make sure to include the
--id argument to specify the
Specifies the ID of the encryption settings definition to delete.
$ bin/encryption-settings delete --id F635E109A8549651025D01D9A6A90F7C9017C66D
Successfully deleted encryption settings definition F635E109A8549651025D01D9A6A90F7C9017C66D