Datacenters running on Amazon’s EBS infrastructure can be encrypted with an AWS KMS key. See Setting Up a Datacenter with EBS Encryption for more information on sharing a KMS key with Instaclustr.
List available keys
To get a list of encryption keys previously added to this account, make a GET request to https://api.instaclustr.com/provisioning/v1/encryption-keys
The response will contain an array of key IDs that may be used to provision encrypted clusters:
Add a KMS key
To add an encryption key, make a POST request to https://api.instaclustr.com/provisioning/v1/encryption-keys with the JSON body:
The ‘provider’ field is optional for most setups. If it is not specified, customers who do not have any registered RIYOA accounts get the default provider ‘INSTACLUSTR’ as the provider account for the key. For existing RIYOA customers with a single provider account, that account is assumed to be the provider account for the key. RIYOA customers with multiple provider accounts must provide a value for the field.
If validation succeeds, we will respond with 202 Accepted and a JSON body containing the key ID that may be used to provision encrypted clusters.
If validation fails, we will respond with 400 Bad Request and a message describing possible reasons for the failure.
Remove a KMS key
Make a DELETE request to https://api.instaclustr.com/provisioning/v1/encryption-keys/<key-id>
If successful, the API will respond with 202 Accepted.
If the key is in use by a running cluster, the API will respond with 400 Bad Request and a JSON body with the message “Encryption key in use. Data centres using this key need to be deleted first.”
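The removal responses described above can be told apart in a small client, so that a key still protecting a running cluster is reported rather than treated as a generic failure. This is an added example, not Instaclustr's own code; it assumes HTTP Basic authentication with hypothetical username and api_key parameters, and that the 400 body carries its text in a "message" field.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

# Endpoint from the page; base_url is a parameter so a local stub can be used.
BASE_URL = "https://api.instaclustr.com/provisioning/v1/encryption-keys"
IN_USE_MARKER = "Encryption key in use"  # start of the 400 message quoted above


def remove_kms_key(key_id, username, api_key, base_url=BASE_URL, timeout=10):
    """DELETE one key and classify the documented responses.

    Returns ("accepted" | "in_use" | "rejected", detail).
    Assumptions: HTTP Basic auth, and a "message" field in the 400 JSON body.
    """
    # Percent-encode the id so a malformed value cannot change the request path.
    url = base_url.rstrip("/") + "/" + urllib.parse.quote(key_id, safe="")
    token = base64.b64encode(f"{username}:{api_key}".encode()).decode()
    req = urllib.request.Request(url, method="DELETE",
                                 headers={"Authorization": "Basic " + token})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, body = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; the status and body are still readable.
        status, body = err.code, err.read()

    text = body.decode("utf-8", errors="replace")
    try:
        parsed = json.loads(text)
        detail = parsed.get("message", text) if isinstance(parsed, dict) else text
    except ValueError:
        detail = text  # body was not JSON; keep the raw text

    if status == 202:
        return "accepted", detail
    if status == 400 and IN_USE_MARKER in str(detail):
        return "in_use", detail
    return "rejected", f"HTTP {status}: {detail}"
```

An "in_use" result means the data centres encrypted with the key have to be deleted before the key can be removed.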