API Documentation

Base URL: hostname:8000/cryptops/v0


GET /encryption

Returns the status of the encryption (whether or not you have an encrypted partition)

POST /encryption/init

Encrypts the disk with a password if there are no encrypted disks

Post data: {"password": password}

POST /encryption/unlock

Decrypts the disk using a password and boots the machine

Post data: {"password": password}

POST /encryption/remove

Brings the VPS in a state where the disk is not encrypted and booting does not require a password (does not change the initrd to a “regular” initrd)

Post data: {"password": password}

POST /encryption/selfdestruct

Removes the encryption master key, effectively deleting the encrypted data permanently.

Encryption keys:

GET /encryption/keys

List luks password slots

POST /encryption/keys/

Add a new password to a new Luks slot.

Post data: {"password": password, "new-password": new-password}

PUT /encryption/keys/{slot-id}

Change a luks slot’s password. {slot} corresponds to a slot id listed by GET /encryption/keys.

Post data: {"password": password, "new-password": new-password}

DELETE /encryption/keys/{slot-id}

Delete a password from a luks slot

SSH keys with access to the initrd:

GET /ssh/keys

List SSH keys in the /root/.ssh/authorized_keys file


Add a key to the authorized_keys file

Post data: {"ssh-key": ssh-key}

PUT /ssh/keys/{key-id}

Change a key in the authorized_keys file

Post data: {"ssh-key": ssh-key}

DELETE /ssh/keys/{key-id}

Delete the key with id {key-id} from the authorized_keys file