You can use the encrypt-file tool to encrypt and decrypt files with an encryption settings definition or with a supplied passphrase.
When a file is encrypted with an encryption settings definition, the server can automatically determine that the file is encrypted, retrieve the associated definition from the encryption settings database, and use it to access the file's contents.
Encrypting a file with an encryption settings definition is useful for files containing sensitive content needed for processing. Examples include:
- PIN files for certificate keys and trust stores
- The tools.properties file that contains default arguments for command-line tools
- Bind password files for command-line tools
- Files used for file-based passphrase providers
The server does not support encrypting the configuration or schema files. It also does not support encrypting files needed by the configured cipher stream provider to access the encryption settings database.
To encrypt a file with the server's preferred encryption settings definition: