New encryption API endpoints for encrypting your Qlik Cloud tenants
Qlik offers customers the ability to encrypt their tenants with their own key. The new encryption API provides you with the ability to deploy, manage, and cycle encryption keys on one or more Qlik Cloud tenants via supported providers.
Create & migrate to a new key provider
Here’s an example of a cURL command that creates a new key provider:
curl --location "https://<TENANT>/api/v1/encryption/keyproviders" ^
--header "Authorization: Bearer <ACCESS_TOKEN>" ^
--header "Content-Type: application/json" ^
--data "{\"name\": \"<KEY_PROVIDER_NAME>\", \"arn\": \"<KMS_KEY_ARN>\", \"keyprovider\": \"AWS-KMS\" }"
The result is a JSON object that shows the details of the newly created KMS key provider.
{
  "name": "<KEY_PROVIDER_NAME>",
  "tenantId": "<TENANT_ID>",
  "arn": "<KMS_KEY_ARN>",
  "arnFingerPrint": "<ARN_FINGERPRINT>",
  "keyprovider": "AWS-KMS",
  "createdAt": "2023-07-14T18:17:23Z",
  "promotedToCurrentAt": "0001-01-01T00:00:00Z",
  "demotedFromCurrentAt": "0001-01-01T00:00:00Z"
}
You can then migrate from the currently active key provider to the new key provider specified by <ARN_FINGERPRINT>. Upon successful migration, the migrated key provider becomes active.
curl -L "https://<TENANT>/api/v1/encryption/keyproviders/<ARN_FINGERPRINT>/actions/migrate" ^
-X POST ^
--header "Content-Type: application/json" ^
--header "Authorization: Bearer <ACCESS_TOKEN>"
The result is a JSON object that shows the details of the key provider migration.
{
  "migrationId": "c75088bc-cfba-410a-aeda-2a5dd797f528",
  "tenantId": "<TENANT_ID>",
  "migratingFrom": "v1:rTfjXBtXurvLxUJqE4dvgyXIm6zLiaIE:iiTaqy+LNXkmCVEBN9mOwKwsNQZ0UdNUWW7s5TptbOrU67qAALinKb+UZUKBHYgVGflHmp2t2CvtBK4G",
  "migratingTo": "<KMS_KEY_ARN>",
  "migratingToFingerPrint": "<ARN_FINGERPRINT>",
  "migratingToPrefix": "#BYOKv1#:<ARN_FINGERPRINT>",
  "state": "New",
  "initiatedAt": "2023-07-18T12:08:04.634711507Z",
  "completedAt": "0001-01-01T00:00:00Z"
}
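An added example (not from the Qlik documentation): a Python check that a migration response points at the key provider you just created, using only the fields shown in the two responses above. The sample values are constructed, and reading `0001-01-01T00:00:00Z` as "has not happened yet" is an assumption based on those responses.

```python
import json

ZERO_TIME = "0001-01-01T00:00:00Z"  # Assumption: zero time means "not happened yet"

# Constructed sample responses (the ARN, IDs and fingerprint are made up).
PROVIDER = json.loads("""{
  "name": "example-provider", "tenantId": "TENANT-ID-EXAMPLE",
  "arn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
  "arnFingerPrint": "FINGERPRINT-EXAMPLE", "keyprovider": "AWS-KMS",
  "createdAt": "2023-07-14T18:17:23Z", "promotedToCurrentAt": "0001-01-01T00:00:00Z",
  "demotedFromCurrentAt": "0001-01-01T00:00:00Z"}""")
MIGRATION = json.loads("""{
  "migrationId": "MIGRATION-ID-EXAMPLE", "tenantId": "TENANT-ID-EXAMPLE",
  "migratingTo": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
  "migratingToFingerPrint": "FINGERPRINT-EXAMPLE",
  "state": "New", "initiatedAt": "2023-07-18T12:08:04.634711507Z",
  "completedAt": "0001-01-01T00:00:00Z"}""")


def is_set(timestamp):
    """True when a timestamp field holds a real time, not the zero value."""
    return bool(timestamp) and timestamp != ZERO_TIME


def check_migration(provider, migration):
    """Return a list of mismatches; empty means the migration targets `provider`."""
    problems = []
    for prov_key, mig_key in (("tenantId", "tenantId"),
                              ("arn", "migratingTo"),
                              ("arnFingerPrint", "migratingToFingerPrint")):
        if provider.get(prov_key) != migration.get(mig_key):
            problems.append(f"{mig_key} does not match provider {prov_key}")
    return problems


def provider_is_current(provider):
    """Promoted and not since demoted (assumed meaning of the two fields)."""
    return (is_set(provider.get("promotedToCurrentAt"))
            and not is_set(provider.get("demotedFromCurrentAt")))


def migration_finished(migration):
    """True once completedAt carries a real timestamp."""
    return is_set(migration.get("completedAt"))


if __name__ == "__main__":
    print(check_migration(PROVIDER, MIGRATION) or "migration targets the new provider")
```

Run the same comparison against the real responses before treating the new key as the tenant's active one; a non-empty list means the migration was started against a different ARN or fingerprint than the provider you registered.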
Learn more about tenant encryption
To learn more:
- Review the encrypt tenants topic to learn how to send common requests.
- Visit the configuring tenant encryption documentation to learn about the overall capability.
- Read the no-code options for managing encryption to learn how to manage lifecycles in Qlik Application Automation.
- Access the encrypt tenants API specification to see the full specification.