Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


request system filesystem encryption enable



Following are the prerequisites to enable file-system encryption:

  • System contains a TPM2.0 with IDevID provisioned.

  • System having single or redundant disk are supported.

  • Take data backup of configurations and log files.


When you enable encryption process on the file-system, the conversion process starts with the backup routing engine followed by the active Routing Engine. In the case of redundant disks, the conversion starts with the primary disk followed by the secondary disk to avoid loss of data.

Once enabled, the encryption cannot be disabled and all the software image versions that does not support file-system encryption are deleted.



Enable file-system encryption on all Routing Engines.


(Optional) Display the file-system encryption message without running the encryption process.


(Optional) Enable file-system encryption on RE0.


(Optional) Enable file-system encryption on RE1.


(Optional) Enable file-system encryption on the specified Routing Engine. Use one of the following options to specify the Routing Engine:

Backup Backup Routing Engine
Both Both Routing Engines
Local Local Routing Engine
Master Primary Routing Engine
Other Other Routing Engine

Required Privilege Level


Sample Output

request system filesystem encryption enable

During the conversion process, the vmhost reboot using request vmhost reboot is required to start file-system encryption and to reflect the changes.

Release Information

Command introduced in Junos OS Release 22.3R1.