Add Encryption Configuration Settings to MarkLogic Server
- Last Updated: May 20, 2026
- 2 minute read
- MarkLogic Server
- Version 12.0
- Documentation
To add encryption configuration settings to MarkLogic Server, follow these steps in the MarkLogic Server Admin Interface:
-
Click Clusters in the left navigation bar.
-
Click the Keystore tab. The Keystore page appears:
-
In KMS Type, select
external. -
Click the External KMS tab.
-
Enter the following information to identify the Azure Key Vault and the required encryption key identifiers, adding the appropriate encryption key ID to each field:
-
Set host name using DNS Name from the Azure Key Vault (without the beginning
https://and the ending/, and ending withvault.azure.net). -
Set port to
443. -
Copy the encryption key IDs for the Azure Key Vault into the external data encryption key id, external config encryption key id, and external logs encryption key id fields.
-
-
Click OK to configure encryption.
Note: We recommend that you create three separate encryption key IDs (one for data, one for configuration, and one for logs). Give each a descriptive name in order to help distinguish between them.
Setting |
Description |
|---|---|
host name |
The host name of the external Key Vault. |
port |
The external Key Vault client socket port number. |
external data encryption key id |
The identifier of the encryption key from the external KMS that is to be used to encrypt data files. |
external config encryption key id |
The identifier of the encryption key from the external KMS that is to be used to encrypt config files. |
external logs encryption key id |
The identifier of the encryption key from the external KMS that is to be used to encrypt log files. |
For more about roles and privileges, see the MarkLogic Server on Microsoft® Azure® Guide.