Encrypting Data, Configuration, and Log Files
- Last Updated: April 14, 2026
- 1 minute read
- MarkLogic Server
- Version 10.0
- Documentation
You can use your Key Management Service (KMS) to encrypt your data, configuration, and log files at the cluster level. By default, all encryption is off.
Note: Adding or changing any encryption information will require you to restart all the hosts in the cluster.
To encrypt data, configuration, or log files, follow these steps:
-
Access the Edit Keystore Configuration page.
-
At the top of the page, choose the encryption options you want:
Field
Description
data encryption
Specifies whether or not encryption is enabled for user data. Choose among 3 options:
force: Causes all data in all databases in this cluster to be encrypted--even if a particular databases's data encryption setting isoff.default-on: Causes all data in all databases in this cluster to be encrypted--unless a particular database's data encryption setting isoff. Then that database's data will not be encrypted.default-off: Causes all data in all databases in this cluster not to be encrypted--unless a particular database's data encryption setting ison. Then that database's data will be encrypted.
See Encrypt a Database to turn on a database's data encryption setting and Turn off Encryption for a Database to turn it off.
config encryption
Specifies whether or not encryption is enabled for configuration files.
logs encryption
Specifies whether or not encryption is enabled for log files.
-
Click OK. Your settings are saved, and the Summary tab for the local cluster appears.
Note:
For more about MarkLogic encryption at rest and the internal KMS, see Configuring Encryption at Rest in Securing MarkLogic Server.