Datacenters running on Amazon’s EBS infrastructure can be encrypted with an AWS KMS key. See Setting Up a Datacenter with EBS Encryption for more information on sharing a KMS key with Instaclustr.
List available keys
To get a list of encryption keys previously added to this account make a GET request to https://api.instaclustr.com/provisioning/v1/encryption-keys
The response will contain an array of key IDs that may be used to provision encrypted clusters:
Add a KMS key
To add an encryption key make a POST request to https://api.instaclustr.com/provisioning/v1/encryption-keys with the JSON body:
If validation succeeds, we will respond with 202 Accepted and a JSON containing the key id that may be used to provision encrypted clusters.
Remove a KMS key
Make a DELETE request to https://api.instaclustr.com/provisioning/v1/encryption-keys/<key-id>
If successful, the API will respond with 202 Accepted.
If the key is in use by a running cluster, the API will respond with 400 Bad Request and a JSON with the message “Encryption key in use. Data centres using this key need to be deleted first.”