Encryption Keys

Datacenters running on Amazon’s EBS infrastructure can be encrypted with an AWS KMS key. See Setting Up a Datacenter with EBS Encryption for more information on sharing a KMS key with Instaclustr.

List available keys

To get a list of encryption keys previously added to this account, make a GET request to https://api.instaclustr.com/provisioning/v1/encryption-keys

The response will contain an array of key IDs that may be used to provision encrypted clusters:

 

Add a KMS key

To add an encryption key make a POST request to https://api.instaclustr.com/provisioning/v1/encryption-keys with the JSON body:

The ‘provider’ field is optional for most setups. If it is omitted, customers with no registered RIYOA accounts get the default provider ‘INSTACLUSTR’ as the provider account for the key, and existing RIYOA customers with a single provider account have that account assumed as the provider account for the key. RIYOA customers with multiple provider accounts must provide a value for the field.

If validation succeeds, we will respond with 202 Accepted and a JSON body containing the key ID that may be used to provision encrypted clusters.

If validation fails, we will respond with 400 Bad Request and a message describing possible reasons for the failure. 

Remove a KMS key

Make a DELETE request to https://api.instaclustr.com/provisioning/v1/encryption-keys/<key-id>

If successful, the API will respond with 202 Accepted.

If the key is in use by a running cluster, the API will respond with 400 Bad Request and a JSON with the message “Encryption key in use. Data centres using this key need to be deleted first.”
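
The removal call above, as an added example that is not Instaclustr's own code: a small Python client that percent-encodes the key ID so it stays a single path segment and separates the documented outcomes (202 Accepted, 400 with the "Encryption key in use" message, any other 400). It assumes HTTP Basic authentication with an account user name and API key, which this page does not describe; all function names are illustrative.

```python
import base64
import urllib.error
import urllib.parse
import urllib.request

BASE = "https://api.instaclustr.com/provisioning/v1/encryption-keys"
IN_USE = "Encryption key in use"  # start of the 400 message quoted on this page


def build_delete(key_id, user, api_key):
    """Build the DELETE request; the key ID is percent-encoded into one path segment."""
    url = BASE + "/" + urllib.parse.quote(key_id, safe="")
    req = urllib.request.Request(url, method="DELETE")
    # Assumption (not stated on this page): HTTP Basic auth with user name and API key.
    token = base64.b64encode(f"{user}:{api_key}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    return req


def classify(status, body):
    """Map the documented responses to an outcome; anything else is 'unexpected'."""
    if status == 202:
        return "accepted"
    if status == 400 and IN_USE in body:
        return "in_use"  # data centres using the key must be deleted first
    if status == 400:
        return "rejected"
    return "unexpected"


def remove_key(key_id, user, api_key, opener=urllib.request.urlopen):
    """Send the DELETE and return (outcome, body); `opener` is injectable for offline tests."""
    req = build_delete(key_id, user, api_key)
    try:
        with opener(req, timeout=30) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx responses
        status, body = err.code, err.read().decode("utf-8", "replace")
    return classify(status, body), body
```

An "in_use" outcome means the key is still protecting a running cluster, so automation should stop and report it instead of retrying the delete.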
