Setting up local encryption keys to embed in installation package for development environments

You can create a local encryption or decryption key file that can be embedded in a distribution (tarball). In development environments this distribution package can then be used by other users. This strategy is especially helpful when using scripts with IT automation tools such as Ansible.

The current user must have write permission to the directory where you want to generate the key files.


  1. Specify the key file output directory when you create the encryption key with the dsetool createsystemkey command:

    For example:

    dsetool createsystemkey 'AES/ECB/PKCS5Padding' 128 -d /home/jane/keys

    Result: A key file /home/jane/keys/system_key is created.

  2. In the distribution tarball, create a directory for the system key file. Use the default location (/etc/dse/conf) or add a new location.

  3. Locate the dse.yaml configuration file. The location of this file depends on the type of installation:

    • Package installations: /etc/dse/dse.yaml

    • Tarball installations: <installation_location>/resources/dse/conf/dse.yaml

  4. If you used a new location, then update the system_key_directory property in dse.yaml as appropriate.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000,