Parameter:
DAOS_EncryptShort description: Enables encryption of newly written DAOS NLO files (DAOS encryption at the server level).
Profile
Parameter | DAOS_Encrypt |
Category | DAOS |
Component | Server |
Available since | 12.0 |
Supported versions | 12.0, 14.0, 14.5, 14.5.1 |
GUI equivalent | Server document (Transactional Logging → DAOS → Encrypt DAOS objects) |
Possible values | 0 = off (default), 1 = on |
Description
With Domino 12, DAOS encryption was tidied up:
DAOS_Encrypt=1 is the modern variant, which stores DAOS NLOs in the repository encrypted with the server's own key. Functionally comparable to DAOS_ENCRYPT_NLO, but newer and visible as a regular option in the Server document.Newly generated NLOs are written encrypted from activation onwards; existing NLOs initially remain unchanged. A
tell daosmgr resync with rewriting or a tier migration brings the existing repository up to date.Example configuration
DAOS_Encrypt=1
Notes & pitfalls
- Existing NLOs are not encrypted retroactively.
- The key is bound to the server master key – set up an ID Vault for emergency access.
- Very low CPU overhead.
- For DAOS tier storage (cloud/object) practically mandatory for compliance.
- Takes effect after a server restart.
- Complementary to
DAOS_ENCRYPT_NLO,DAOS_Base_Path,DAOS_Enabled,Create_AES_Databases.