nodetool createsystemkey

Synopsis

nodetool createsystemkey ALGORITHM KEY_STRENGTH [FILENAME]

Replace the following:

  • ALGORITHM: The cipher algorithm to use for encryption.

  • KEY_STRENGTH: The key strength in bits. For example, 128, 192, 256.

  • FILENAME: The filename for the generated system key file.

Syntax conventions Description

UPPERCASE

Literal keyword.

Lowercase

Not literal.

<Italics>

Variable value. Replace with a valid option or user-defined value.

[ ]

Optional. Square brackets ( [ ] ) surround optional command arguments. Do not type the square brackets.

( )

Group. Parentheses ( ( ) ) identify a group to choose from. Do not type the parentheses.

|

Or. A vertical bar ( | ) separates alternative elements. Type any one of the elements. Do not type the vertical bar.

...

Repeatable. An ellipsis ( ... ) indicates that you can repeat the syntax element as often as required.

'<Literal string>'

Single quotation ( ' ) marks must surround literal strings in CQL statements. Use single quotation marks to preserve upper case.

{ <key>:<value> }

Map collection. Braces ( { } ) enclose map collections or key value pairs. A colon separates the key and the value.

<<datatype1>,<datatype2>>

Set, list, map, or tuple. Angle brackets ( < > ) enclose data types in a set, list, map, or tuple. Separate the data types with a comma.

cql_statement;

End CQL statement. A semicolon ( ; ) terminates all CQL statements.

[ -- ]

Separate the command line options from the command arguments with two hyphens ( -- ). This syntax is useful when arguments might be mistaken for command line options.

' <<schema> ... </schema> >'

Search CQL only: Single quotation marks ( ' ) surround an entire XML schema declaration.

@<xml_entity>='<xml_entity_type>'

Search CQL only: Identify the entity and literal value to overwrite the XML element in the schema and solrconfig files.

cipher_algorithm[/mode/padding]

Hyper-Converged Database (HCD) supports the following JCE cipher algorithms:

  • AES/CBC/PKCS5Padding (valid with length 128, 192, or 256)

  • AES/ECB/PKCS5Padding (valid with length 128, 192, or 256)

  • DES/CBC/PKCS5Padding (valid with length 56)

  • DESede/CBC/PKCS5Padding (valid with length 112 or 168)

  • Blowfish/CBC/PKCS5Padding (valid with length 32-448)

  • RC2/CBC/PKCS5Padding (valid with length 40-128) Default value: AES/CBC/PKCS5Padding (with length 128)

-d directory, --directory directory

Key file output directory. Enables creating key files before HCD is installed. This option is typically used by IT automation tools like Ansible. When no directory is specified, keys are saved to the default system key directory.

length

Required if cipher_algorithm is specified. Key length is not required for HMAC algorithms. Default value: 128 (with the default cipher algorithm AES/CBC/PKCS5Padding)

filename

Optional. The filename for the generated system key file. When no filename is specified, the default file name is system_key.

Examples

To create a local key file:

nodetool createsystemkey 'AES/ECB/PKCS5Padding' 128

This creates a system key with the default filename system_key.

To create a key file with a specific name:

nodetool createsystemkey 'AES/ECB/PKCS5Padding' 128 my_key

This creates a system key with the specified filename.

To create a key file in a specific directory:

nodetool createsystemkey 'AES/ECB/PKCS5Padding' 128 my_key -d /mydir

This creates a system key with the specified filename in the specified directory.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com