Enable mongodb encryption at rest using keyfile for Existing Deployment

Hello All

I have 3 node P-S-S architecture on my Production almost running for close to an Year. Due to business requirement we are planning to Enable encryption at rest using key-file.

As per the Documentation is says "You can rotate out the binary with a new instance that uses a new key. "

  • We need to add new server with Enable Encryption “rs.add( { host: host:port, priority: 0, votes: 0 } )”
  • Once this is become Secondary …Flip this to Primary and Remove the Existing nodes from replication and flush the disk and add it again with Enable Encryption

Will this Work with out Downtime? Is there any other way to Enable encryption at rest using keyfile.

Please suggest.