In this procedure, you will encrypt the databases of a replica set using rolling upgrades. This procedure assumes you have a three-member replica set up and running. Using the local key management does not meet most regulatory key management guidelines. If it is used, users must take care to manage their own keys securely.
2.In the mongo shell, log into one of the secondary members.
3.Shutdown the server with this command.
4.Delete the existing database files for this secondary member.
5.Restart the server with storage encryption enabled. You may wish to use a configuration file similar to the one below. In this command, cf.yaml is the name of the configuration file.
mongod -f cf.yaml
6.Repeat Steps 3 through 5 for the other secondary member. Be sure to update the configuration file with the correct port and database path.
7.In the mongo shell, log into the primary member.
8.Step down the primary member with this command:
9.Repeat Steps 3 through 5 for the former primary member.
•When setting the encryptionKeyFile option, be sure to use full path names, not relative path names.