10.6. General Considerations after Enabling Attribute Encryption
When you enable encryption for data that is already in the database:
- Unencrypted data can persist in the server's database page pool backing file. To remove this data:
  - Stop the instance:
    # systemctl stop dirsrv@instance_name
  - Delete the /var/lib/dirsrv/slapd-instance_name/db/guardian file:
    # rm /var/lib/dirsrv/slapd-instance_name/db/guardian
  - Start the instance:
    # systemctl start dirsrv@instance_name
- After you have enabled encryption and successfully imported the data, delete the LDIF file that contains the unencrypted data.
- When you re-import data after enabling encryption, Directory Server deletes the existing database and creates a new one.
- The replication log file is not encrypted. To protect this data, store it on an encrypted disk.
- Data in the server's memory (RAM) is unencrypted and can be written to swap space. To protect this data, set up encrypted swap.
Important
Even if you delete files that contain unencrypted data, the data can still be recovered under certain circumstances, for example from disk blocks that have not yet been overwritten or from backups and snapshots taken before the deletion.
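The following script is an added example and is not part of the Red Hat documentation or of Directory Server itself. It automates the cleanup steps above for one instance: stop the service, remove the guardian file, start the service, overwrite and unlink the import LDIF, and then run a spot check for a known plaintext value under the database directory. It assumes a systemd-managed instance named dirsrv@<instance_name>, the default /var/lib/dirsrv/slapd-<instance_name>/db layout (override with DB_ROOT), and GNU coreutils shred (it falls back to rm if shred is missing). The function and script names are the example's own.

```bash
#!/usr/bin/env bash
# post_encrypt_cleanup.sh (added example, not Directory Server's own tooling)
# Cleanup after enabling attribute encryption and re-importing data.
set -euo pipefail

# Database directory for an instance; default RHDS layout, DB_ROOT overrides it.
db_dir_for() {
    printf '%s/slapd-%s/db\n' "${DB_ROOT:-/var/lib/dirsrv}" "$1"
}

# Remove the guardian file so the server rebuilds its page pool backing files,
# which may still hold unencrypted pages, on the next start.
# Returns 0 if the file was removed, 1 if there was nothing to remove.
purge_guardian_file() {
    local db_dir="$1"
    if [ -f "$db_dir/guardian" ]; then
        rm -f -- "$db_dir/guardian"
        return 0
    fi
    return 1
}

# Overwrite and unlink the import LDIF that still holds plaintext values.
# Returns 1 if the file does not exist.
shred_ldif() {
    local ldif="$1"
    [ -f "$ldif" ] || return 1
    if command -v shred >/dev/null 2>&1; then
        shred -u -- "$ldif"
    else
        rm -f -- "$ldif"
    fi
    [ ! -e "$ldif" ]
}

# Spot check: does a known attribute value still appear in cleartext in any
# file under the database directory? Returns 0 if found, 1 if not.
plaintext_present() {
    local db_dir="$1" needle="$2"
    grep -rqaF -- "$needle" "$db_dir"
}

main() {
    local instance="$1" ldif="$2" needle="${3:-}"
    local db_dir
    db_dir="$(db_dir_for "$instance")"

    systemctl stop "dirsrv@${instance}"
    if purge_guardian_file "$db_dir"; then
        echo "removed $db_dir/guardian"
    else
        echo "no guardian file under $db_dir, nothing to remove" >&2
    fi
    systemctl start "dirsrv@${instance}"

    shred_ldif "$ldif" && echo "removed $ldif"

    if [ -n "$needle" ]; then
        if plaintext_present "$db_dir" "$needle"; then
            echo "WARNING: '$needle' still present in cleartext under $db_dir" >&2
            return 2
        fi
        echo "no cleartext match for the test value under $db_dir"
    fi
}

# Usage: ./post_encrypt_cleanup.sh <instance_name> <import.ldif> [known-plaintext-value]
if [ "$#" -ge 2 ]; then
    main "$@"
fi
```

Two caveats when using this. First, shred only overwrites the blocks of the current file; on journaling, copy-on-write or snapshotted file systems older copies of the LDIF can survive, which is the situation the Important note above describes, so treat encrypted storage for the LDIF's directory as the real control. Second, the grep check can legitimately match: the value may also be stored in an attribute you did not encrypt, or in the unencrypted replication log if it lives under the same directory, so read a hit as a prompt to investigate rather than as proof that encryption failed.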
