Mark a BYOK key as revoked after operator confirmation.

This records the operational state only; it does not recover the tenant DEK. Recovery requires the customer to restore their key or re-supply credentials.

Authorization

Bearer

AuthorizationBearer <token>

JWT Authorization header using the Bearer scheme. Enter 'Bearer' [space] and then your token.

In: header

Path Parameters

tenant*string

The tenant identifier

Request Body

reason?string|null

Category-only operational reason, e.g. permission_denied.

[key: string]?never

Response Body

curl -X POST "https://api.fruxon.com/v1/tenants/string/byok:revoke" \
  -H "Content-Type: application/json" \
  -d '{}'

curl -X POST "https://api.fruxon.com/v1/tenants/string/byok:revoke" \  -H "Content-Type: application/json" \  -d '{}'

{
  "configured": false,
  "config": {
    "id": "00000000-0000-0000-0000-000000000000",
    "provider": "GCP",
    "kmsKeyResourceName": "string",
    "authMode": "GCP_ADC_IAM_BINDING",
    "authSecretRef": "string",
    "status": "PENDING_VALIDATION",
    "configVersion": 0,
    "lastValidatedAt": 0,
    "lastValidationError": "string",
    "createdAt": 0,
    "modifiedAt": 0
  }
}

{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}

Empty

{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}

{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}

{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}

Mark a BYOK key as revoked after operator confirmation.

Authorization

Path Parameters

Request Body

Response Body

200

400

401

403

404

409