diff --git a/product_docs/docs/tde/15/secure_key/disabling_key.mdx b/product_docs/docs/tde/15/secure_key/disabling_key.mdx index 83a33598ebb..8ded20dc4e2 100644 --- a/product_docs/docs/tde/15/secure_key/disabling_key.mdx +++ b/product_docs/docs/tde/15/secure_key/disabling_key.mdx @@ -4,15 +4,15 @@ description: Learn how to omit using a wrapping key. deepToc: true --- -If you don't want key wrapping, for example, for testing purposes, you can use either one of the following options to disable key wrapping: +If you don't want key wrapping, for example, for testing purposes, you can use either of the following options to disable key wrapping: -- You can set the wrap and unwrap commands to the special value `-` when initializing the cluster with `initdb`. For example, with the flags `--key-wrap-command=-` and `--key-unwrap-command=-`. +- You can set the wrap and unwrap commands to the special value `-` when initializing the cluster with `initdb`. For example, you can use the flags `--key-wrap-command=-` and `--key-unwrap-command=-`. -- Or you can disable key wrapping when initializing the cluster with `initdb` by adding the flag `--no-key-wrap`. +- You can disable key wrapping when initializing the cluster with `initdb` by adding the flag `--no-key-wrap`. -With either one of the configurations, TDE generates encryption key files, but leaves them unprotected. +With either of the configurations, TDE generates encryption key files but leaves them unprotected. -For `intidb --data-encryption` to run successfully, you have to either specify a wrapping/unwrapping command, set a fallback environment variable with wrapping/unwrapping commands, or disable key wrapping with the one of the previous mechanisms. Otherwise, the creation of an encrypted database cluster will fail. +For `intidb --data-encryption` to run successfully, you have to either specify a wrapping/unwrapping command, set a fallback environment variable with wrapping/unwrapping commands, or disable key wrapping with the one of the previous mechanisms. Otherwise, the creating an encrypted database cluster will fail. !!!note If you want to enable key wrapping on TDE-enabled database clusters where key wrapping was previously disabled, see [Enabling a mechanism to protect the data encryption key](../enabling/enabling_key_wrapper).