lbcli enable cluster-encryption
Enables cluster-level encryption. Once enabled, all data written to disks will be encrypted.
Synopsis
Enables cluster-level encryption. Once enabled, each volume is encrypted with a Data Encryption Key (DEK), which is in turn encrypted by a Key Encryption Key (KEK). You can select the KeyStore type in the request: either tpm or file.
Note that cluster-encryption cannot be disabled once activated.
lbcli enable cluster-encryption [flags]
Examples:
# Enables cluster-level encryption and stores the Cluster Encryption Key (KEK) in TPM (the server must have TPM 2.0 enabled)
lbcli -J $JWT enable cluster-encryption --keyStore=tpm
# Enables cluster-level encryption and stores the Cluster Encryption Key (KEK) encrypted on disk.
lbcli -J $JWT enable cluster-encryption --keyStore=file
Flag | Short | Type | Default | Description |
---|---|---|---|---|
--help | -h | bool | | Help for cluster-encryption. |
--keyStore | | string | "file" | The allowed keystore options are file or tpm. |
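
The TPM 2.0 requirement and the fact that encryption cannot be disabled can both be checked before the command is run. The following is an added example, not part of the lbcli documentation: the function names, the `ENABLE` confirmation word, and the use of the Linux sysfs attribute `tpm_version_major` (kernel 5.6+) are assumptions, and the TPM check is meant to run on the server whose TPM will hold the KEK.

```shell
#!/bin/sh
# Added example: preflight wrapper for `lbcli enable cluster-encryption`.
# Assumption: the sysfs attribute below comes from the Linux kernel (5.6+),
# not from lbcli; all function names here are hypothetical.

# tpm2_present [SYSFS_ROOT]
# Returns 0 only if some TPM device reports specification major version 2.
tpm2_present() {
    root="${1:-/sys/class/tpm}"
    for dev in "$root"/tpm*; do
        [ -r "$dev/tpm_version_major" ] || continue
        major=$(cat "$dev/tpm_version_major" 2>/dev/null)
        [ "$major" = "2" ] && return 0
    done
    return 1
}

# preflight_keystore KEYSTORE [SYSFS_ROOT]
# 0 = ok to proceed, 1 = tpm requested but no TPM 2.0 found, 2 = invalid value.
preflight_keystore() {
    case "$1" in
        file) return 0 ;;
        tpm)  tpm2_present "$2" ;;
        *)    return 2 ;;
    esac
}

# enable_encryption KEYSTORE
# Runs the documented command only after the preflight passes and the operator
# types the confirmation word, because the setting cannot be disabled later.
enable_encryption() {
    preflight_keystore "$1" || {
        echo "preflight failed for keyStore=$1" >&2
        return 1
    }
    printf 'Cluster encryption cannot be disabled once activated. Type ENABLE: ' >&2
    read -r answer
    [ "$answer" = "ENABLE" ] || { echo "aborted" >&2; return 1; }
    lbcli -J "$JWT" enable cluster-encryption --keyStore="$1"
}

# Usage: enable_encryption tpm
```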