You can use the REST API or the initial configuration script to configure the encryption environment settings. Many of the settings depend on whether you use a KMS. The following table lists the encryption environment settings and indicates when each setting should be enabled.
For details about using the initial configuration script, see "Using the initial configuration script to configure the encryption environment" and "Running the initial configuration script".
Encryption environment settings
Setting | No KMS | KMS |
---|---|---|
Configure the KMS POST kms-settings | -- | Configure each attribute. |
Set up encryption environment PATCH encryption-settings/instance | | |
Enable encrypted environments (isEnabled) | Enabled | Enabled |
Using a KMS (usesKms) | Disabled | Enabled |
Prohibit local key generation (prohibitsLocalKeyGeneration) | Disabled | If you enable "Prohibit local key generation", the setting cannot be changed. Make sure that it is safe to enable this setting. |
Use the following procedure to configure the encryption environment. If you are not using a KMS, perform only step 4.