Search
Lightbits Command Line Interface
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
lbcli enable cluster-encryption
Copy Markdown
Open in ChatGPT
Open in Claude
Enables cluster level encryption. Once enabled, all data written to disks will be encrypted.
Synopsis
Enables cluster level encryption. Once enabled, each volume will be encrypted with a Data Encryption Key (DEK), which is in turn encrypted by a Key Encryption Key (KEK). You can select the KeyStore type in the request: either tpm or file.
Note that cluster-encryption cannot be disabled once activated.
Bash
lbcli enable cluster-encryption [flags]Examples:
Bash
x
# Enables cluster-level encryption and stores the Cluster Encryption Key (KEK) in TPM (the server must have TPM 2.0 enabled)lbcli -J $JWT enable cluster-encryption --keyStore=tpm# Enables cluster-level encryption and stores the Cluster Encryption Key (KEK) encrypted on disk.lbcli -J $JWT enable cluster-encryption --keyStore=file| Flag | Short | Type | Default | Description |
|---|---|---|---|---|
| --help | -h | bool | Help for cluster-encryption. | |
| --keyStore | string | "file" | The allowed keystore options are file or tpm. |
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Last updated on
Was this page helpful?
Next to read:
lbcli enable federated-authentication© 2026 Lightbits Labs™
Discard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message