On this page
The cockroach debug encryption-active-key
command displays the encryption algorithm and store key for an encrypted store.
Synopsis
$ cockroach debug encryption-active-key [path specified by the store flag]
Subcommands
While the cockroach debug
command has a few subcommands, users are expected to use only the zip
, encryption-active-key
, merge-logs
, list-files
, tsdump
, and ballast
subcommands.
We recommend using the encryption-decrypt
and job-trace
subcommands only when directed by the Cockroach Labs support team.
The other debug
subcommands are useful only to Cockroach Labs. Output of debug
commands may contain sensitive or secret information.
Example
Start a node with Enterprise Encryption At Rest enabled:
$ cockroach start --store=cockroach-data --enterprise-encryption=path=cockroach-data,key=aes-128.key,old-key=plain --insecure --certs-dir=certs
View the encryption algorithm and store key:
$ cockroach debug encryption-active-key cockroach-data
AES128_CTR:be235c29239aa84a48e5e1874d76aebf7fb3c1bdc438cec2eb98de82f06a57a0