ApiTenantbyok
Activate BYOK by re-wrapping the tenant DEK under the customer KEK.
The point of no return for onboarding: re-wraps the tenant's data-encryption key under the staged customer KMS key, after which credential decryption depends on that key being available. Requires a successful `:preflight` first. From here, disabling the customer key fails closed — equivalent to cryptographic erasure until the key is restored or the tenant offboards.
Authorization
Bearer AuthorizationBearer <token>
JWT Authorization header using the Bearer scheme. Enter 'Bearer' [space] and then your token.
In: header
Path Parameters
tenant*string
The tenant identifier
Response Body
curl -X POST "https://api.fruxon.com/v1/tenants/string/byok:activate"{
"configured": false,
"config": {
"id": "00000000-0000-0000-0000-000000000000",
"provider": "GCP",
"kmsKeyResourceName": "string",
"authMode": "GCP_ADC_IAM_BINDING",
"authSecretRef": "string",
"status": "PENDING_VALIDATION",
"configVersion": 0,
"lastValidatedAt": 0,
"lastValidationError": "string",
"createdAt": 0,
"modifiedAt": 0
}
}Empty
{
"type": "string",
"title": "string",
"status": 0,
"detail": "string",
"instance": "string",
"property1": null,
"property2": null
}{
"type": "string",
"title": "string",
"status": 0,
"detail": "string",
"instance": "string",
"property1": null,
"property2": null
}{
"type": "string",
"title": "string",
"status": 0,
"detail": "string",
"instance": "string",
"property1": null,
"property2": null
}