Encryption Keys

Datacenters running on Amazon's EBS infrastructure can be encrypted with an AWS KMS key. See Setting Up a Datacenter with EBS Encryption for more information on sharing a KMS key with Instaclustr.

List available keys

To get a list of encryption keys previously added to this account make a GET request to https://api.instaclustr.com/provisioning/v1/encryption-keys

The response will contain an array of key IDs that may be used to provision encrypted clusters:

      "alias":"virginia 1"

Add a KMS key

To add an encryption key make a POST request to https://api.instaclustr.com/provisioning/v1/encryption-keys with the JSON body:

    "alias":"virginia key",

If validation succeeds, we will respond with 202 Accepted and a JSON containing the key id that may be used to provision encrypted clusters.

Remove a KMS key

Make a DELETE request to https://api.instaclustr.com/provisioning/v1/encryption-keys/<key-id>

If successful, the API will respond with 202 Accepted.

If the key is in use by a running cluster, the API will respond with 400 Bad Request and a JSON with message "Encryption key in use. Data centres using this key need to be deleted first."

Last updated:
If you have questions regarding this article, feel free to add it to the comments below.


Please sign in to leave a comment.