About data store encryption
Encrypting the data store helps protect sensitive data if an appliance is lost, stolen, or compromised. The encryption makes it difficult for unauthorized users to access the stored data. Before enabling encryption, you must unlock the secure vault, which holds the encryption key.
For maximum security, enable both data store encryption and TLS optimization. Data store synchronization traffic is not encrypted.
Encryption can affect performance; stronger encryption usually means lower performance. Choose an encryption level that balances your security needs with acceptable performance. Consider your network setup, the sensitivity of the data, and how much performance you're willing to trade for better security.
Downgrade limitations
An encrypted data store can be used by appliances running the same major software version in which it was created, but not by appliances running a future version. For example, an encrypted data store created in version 8.0.2 works with 8.0.3, but not with 8.5.
Before downgrading to an earlier version, you must set the encryption type to None, clear the data store, and restart the service. After you clear the data store, the data is removed from persistent storage and can’t be recovered.
If you downgrade to a previous software version and there’s a mismatch with the encrypted data store, the status bar indicates that the data store is corrupt. You can either clear the data store, reboot the service, and then use the backup software version, or return to the software version that was in use when the data store was encrypted and continue using it.