Encrypt private keys

Enable PEM encryption to automatically encrypt all private keys on disk. Public keys (.cert files) are not encrypted.

When certificates are rotated, the encrypted private keys are also rotated.

Enable PEM encryption

To enable PEM encryption and encrypt private keys on the disk, use rladmin or the REST API.

• rladmin cluster config:

  rladmin cluster config encrypt_pkeys enabled
  

• Update cluster settings REST API request:

  PUT /v1/cluster
  { "encrypt_pkeys": true }
  

Deactivate PEM encryption

To deactivate PEM encryption and decrypt private keys on the disk, use rladmin or the REST API.

• rladmin cluster config:

  rladmin cluster config encrypt_pkeys disabled
  

• Update cluster settings REST API request:

  PUT /v1/cluster
  { "encrypt_pkeys": false }