Antimatter hosted REK
When a new domain is created, the Root Encryption Key (REK) used for data encryption is hosted by Antimatter by default. This can be changed using to use any one of the supported REK sources (see Overview). If however, the REK is currently hosted by an external source, it can be changed back to being hosted by Antimatter at any point. For this guide, we assume that the Antimatter CLI has been installed (see CLI) and that a domain has been created, which does not currently have Antimatter as the host for the REK.
Access the key management page.
Navigating to the key management page can be done either through the dashboard, or via the CLI.
- Dashboard
- CLI
If using the dashboard, navigate to Domain Configuration -> Encryption Rotation and select the option: "Change Root
Encryption Key Configuration"
This will redirect you to the key management modal where the REK source can be selected.
To have Antimatter host the REK for this domain, simply select the first option; "I want Antimatter to hold a key to encrypt my company's data." and click 'Apply'.
If using the CLI, a link to the key management page can be generated using the self-serve subcommand. First, ensure
the CLI is authenticated and using the relevant domain. You will need to provide an API key or specify a suitable Oauth
provider.
am config domain login --api-key <api-key>
Or
am config domain login --oauth-provider <provider>
Once the CLI is authenticated, the key management URL can be generated using:
am keys self-serve --vendor <company-name>
This will generate a URI for the key management landing page.
From here, select "Edit Settings" and you will be presented with the different key hosting options.
To have Antimatter host the REK for this domain, simply select the first option; "I want Antimatter to hold a key to encrypt my company's data." and click 'Apply'.