cockroach debug encryption-active-key

On this page Carat arrow pointing down
As of May 16, 2023, CockroachDB v21.2 is no longer supported. For more details, refer to the Release Support Policy.

The cockroach debug encryption-active-key command displays the encryption algorithm and store key for an encrypted store.


$ cockroach debug encryption-active-key [path specified by the store flag]


While the cockroach debug command has a few subcommands, users are expected to use only the zip, encryption-active-key, merge-logs, list-files, tsdump, and ballast subcommands.

We recommend using the job-trace subcommand only when directed by the Cockroach Labs support team.

The other debug subcommands are useful only to CockroachDB's developers and contributors.


Start a node with encryption-at-rest enabled:

$ cockroach start --store=cockroach-data --enterprise-encryption=path=cockroach-data,key=aes-128.key,old-key=plain --insecure --certs-dir=certs

View the encryption algorithm and store key:

$ cockroach debug encryption-active-key cockroach-data

See also

Yes No
On this page

Yes No