On this page 
Warning:
GA releases for CockroachDB v23.1 are no longer supported. Cockroach Labs will stop providing LTS Assistance Support for v23.1 LTS releases on November 13, 2025. Prior to that date, upgrade to a more recent version to continue receiving support. For more details, refer to the Release Support Policy.
The cockroach debug encryption-active-key command displays the encryption algorithm and store key for an encrypted store.
Synopsis
$ cockroach debug encryption-active-key [path specified by the store flag]
Subcommands
While the cockroach debug command has a few subcommands, users are expected to use only the zip, encryption-active-key, merge-logs, list-files, tsdump, and ballast subcommands.
We recommend using the encryption-decrypt and job-trace subcommands only when directed by the Cockroach Labs support team.
The other debug subcommands are useful only to Cockroach Labs. Output of debug commands may contain sensitive or secret information.
Example
Start a node with Enterprise Encryption At Rest enabled:
$ cockroach start --store=cockroach-data --enterprise-encryption=path=cockroach-data,key=aes-128.key,old-key=plain --insecure --certs-dir=certs
View the encryption algorithm and store key:
$ cockroach debug encryption-active-key cockroach-data
AES128_CTR:be235c29239aa84a48e5e1874d76aebf7fb3c1bdc438cec2eb98de82f06a57a0
See also
Was this helpful?
