Share via

az keyvault key rotation-policy

  • Reference

Manage key's rotation policy.

Commands

Name Description Type Status
az keyvault key rotation-policy show

Get the rotation policy of a Key Vault key.

 Core GA
az keyvault key rotation-policy update

Update the rotation policy of a Key Vault key.

 Core GA

az keyvault key rotation-policy show

Edit

Get the rotation policy of a Key Vault key.

az keyvault key rotation-policy show [--hsm-name]
                                     [--id]
                                     [--name]
                                     [--vault-name]

Optional Parameters

--hsm-name

Name of the HSM. (--hsm-name and --vault-name are mutually exclusive, please specify just one of them).

--id

Id of the key. If specified all other 'Id' arguments should be omitted.

--name -n

Name of the key. Required if --id is not specified.

--vault-name

Name of the Vault.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az keyvault key rotation-policy update

Edit

Update the rotation policy of a Key Vault key.

az keyvault key rotation-policy update --value
                                       [--hsm-name]
                                       [--id]
                                       [--name]
                                       [--vault-name]

Examples

Set rotation policy using json file

az keyvault key rotation-policy update -n mykey --vault-name mykeyvault --value path/to/policy.json
A valid example for policy.json is:
{
  "lifetimeActions": [
    {
      "trigger": {
        "timeAfterCreate": "P90D", // ISO 8601 duration. For example: 90 days is "P90D", 3 months is "P3M", and 48 hours is "PT48H".
        "timeBeforeExpiry" : null
      },
      "action": {
        "type": "Rotate"
      }
    },
    {
      "trigger": {
        "timeBeforeExpiry" : "P30D" // ISO 8601 duration.
      },
      "action": {
        "type": "Notify"
      }
    }
  ],
  "attributes": {
    "expiryTime": "P2Y" // ISO 8601 duration.
  }
}

Required Parameters

--value

The rotation policy file definition as JSON, or a path to a file containing JSON policy definition.

Optional Parameters

--hsm-name

Name of the HSM. (--hsm-name and --vault-name are mutually exclusive, please specify just one of them).

--id

Id of the key. If specified all other 'Id' arguments should be omitted.

--name -n

Name of the key. Required if --id is not specified.

--vault-name

Name of the Vault.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.