Migrating encrypted tables

Steps to migrate encrypted tables from earlier versions.

After upgrading to DataStax Enterprise 4.0.4, perform the following steps to update to the new version of transparent data encryption, which streams encrypted data between nodes correctly.

Procedure for upgrading encrypted tables

Upgrade the cluster to DataStax Enterprise 4.0.4, following instructions in the "DataStax Upgrade Guide."
Restart the cluster as described in the Upgrade Guide.
Follow steps 4-5 in "Encrypting data in DataStax Enterprise 4.0.4 and later" to create a system key and distribute it to all nodes in the cluster.
Check that the dse_system.encrypted_keys table was created as shown in step 7 in "Encrypting data in DataStax Enterprise 4.0.4 and later" .

If the dse_system.encrypted_keys table was created, go to the next step; otherwise, create the table manually.

CREATE KEYSPACE IF NOT EXISTS dse_system WITH replication = {'class': 'EverywhereStrategy'};

USE dse_system;

CREATE TABLE IF NOT EXISTS encrypted_keys (
  key_file text,
  cipher text,
  strength int,
  key_id timeuuid,
  key text,
  PRIMARY KEY (key_file, cipher, strength, key_id)
);

Rewrite all SSTables using the new version of transparent data encryption.
```
$ nodetool upgradesstables --include-all-sstables
```

If you need to restore the dse_system.encrypted_keys table, load the table. Do not truncate or delete anything.