Migrating encrypted tables

Encrypted tables require specific actions to migrate to later versions of DataStax Enterprise.

Steps to migrate encrypted tables from earlier versions to DataStax Enterprise.

Procedure

  1. Back up the entire keyspace that has a dse_system.encrypted_keys table.
  2. Back up all system keys.
  3. Upgrade the cluster to DataStax Enterprise 4.7, following instructions in the "DataStax Upgrade Guide."
  4. Restart the cluster as described in the Upgrade Guide.
  5. Check that the dse_system.encrypted_keys table was created using the cqlsh DESCRIBE KEYSPACES command.

    If you need to restore the dse_system.encrypted_keys table, load the table. Do not truncate or delete anything.

  6. If the dse_system.encrypted_keys table was created, go to the next step; otherwise, create the table manually:
    CREATE KEYSPACE dse_system WITH replication = {'class': 'EverywhereStrategy'};
    
    USE dse_system;
    
    CREATE TABLE encrypted_keys (
      key_file text,
      cipher text,
      strength int,
      key_id timeuuid,
      key text,
      PRIMARY KEY (key_file, cipher, strength, key_id)
    );
  7. Rewrite all SSTables.
    $ nodetool upgradesstables --include-all-sstables