You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/admin/configuration/configuring-data-encryption-for-your-enterprise.md
+7-7Lines changed: 7 additions & 7 deletions
Original file line number
Diff line number
Diff line change
@@ -20,7 +20,7 @@ For encryption in transit, {% data variables.product.product_name %} uses Transp
20
20
21
21
The key that you provide is stored in a hardware security module (HSM) in a key vault that {% data variables.product.company_short %} manages.
22
22
23
-
To configure your encryption key, use the REST API. There are a number of API endpoints, for example to check the status of encryption, update your encryption key, and delete your encryption key. Note that deleting your key will freeze your enterprise. For more information about the API endpoints, see "[Encryption at rest](/rest/reference/enterprise-admin#encryption-at-rest)" in the REST API documentation.
23
+
To configure your encryption key, use the REST API. There are a number of API endpoints, for example to check the status of encryption, update your encryption key, and disable your encryption key. Note that disabling your key will freeze your enterprise. For more information about the API endpoints, see "[Encryption at rest](/rest/reference/enterprise-admin#encryption-at-rest)" in the REST API documentation.
24
24
25
25
### Adding or updating an encryption key
26
26
@@ -48,24 +48,24 @@ Your 2048 bit RSA private key should be in PEM format, for example in a file cal
48
48
curl -X GET http(s)://<em>hostname</em>/api/v3/enterprise/encryption/status/<em>request_id</em>
49
49
```
50
50
51
-
### Deleting your encryption key
51
+
### Disabling your encryption key
52
52
53
-
To freeze your enterprise, for example in the case of a breach, you can disable encryption at rest by deleting your encryption key.
53
+
To freeze your enterprise, for example in the case of a breach, you can disable encryption at rest by marking your encryption key as disabled.
54
54
55
-
To unfreeze your enterprise after you've deleted your encryption key, contact support. For more information, see "[About {% data variables.contact.enterprise_support %}](/admin/enterprise-support/about-github-enterprise-support)."
56
-
57
-
1. To delete your key and disable encryption at rest, use the `DELETE /enterprise/encryption` endpoint.
55
+
1. To disable your key and encryption at rest, use the `DELETE /enterprise/encryption` endpoint. This operation does not delete the key permanently.
2. Optionally, check the status of the delete operation.
61
+
2. Optionally, check the status of the delete operation. It takes approximately ten minutes to disable encryption at rest.
64
62
65
63
```shell
66
64
curl -X GET http(s)://<em>hostname</em>/api/v3/enterprise/encryption/status/<em>request_id</em>
67
65
```
68
66
67
+
To unfreeze your enterprise after you've disabled your encryption key, contact support. For more information, see "[About {% data variables.contact.enterprise_support %}](/admin/enterprise-support/about-github-enterprise-support)."
68
+
69
69
### Further reading
70
70
71
71
- "[Encryption at rest](/rest/reference/enterprise-admin#encryption-at-rest)" in the REST API documentation
0 commit comments