Thank you for your post!
When it comes to configuring the key rotation policy within your Azure Managed HSM, as of now this can only be accomplished from Azure CLI version 2.42.0 or above.
Configure a key rotation policy:
Write a key rotation policy and save it to a file. Use ISO8601 Duration formats to specify time intervals.
- For example: Rotate the key 18 months after creation and set the new key to expire after two years.
{
  "lifetimeActions": [
    {
      "trigger": {
        "timeAfterCreate": "P18M",
        "timeBeforeExpiry": null
      },
      "action": {
        "type": "Rotate"
      }
    }
  ],
  "attributes": {
    "expiryTime": "P2Y"
  }
}
Use the following command to apply the policy to a key.
az keyvault key rotation-policy update --hsm-name <hsm-name> --name <key-name> --value </path/to/policy.json>
- Once a rotation policy is set for the key, you can also rotate the key on-demand. You must set a key rotation policy first.
az keyvault key rotate --hsm-name <hsm-name> --name <key-name>
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
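The steps in the answer above (write the policy file, apply it with `az keyvault key rotation-policy update`, then rotate on demand) are easy to get wrong if the ISO 8601 durations or the JSON shape are off, and the CLI only tells you at apply time. The following Python script is an added example, not code from the answer or from Microsoft: it builds a policy document of the same shape, sanity-checks a hand-written one, writes it to disk and prints the `az` commands to run. The ISO 8601 parser handles only calendar durations (PnYnMnWnD), and the rule that the expiry must be later than the rotation trigger is an assumption of this script rather than a documented service limit; `<hsm-name>` and `<key-name>` are placeholders.

```python
"""Build and sanity-check an Azure Managed HSM key rotation policy file.

Added illustrative example (not from the Q&A answer or from Microsoft).
The JSON shape (lifetimeActions / trigger / action / attributes.expiryTime)
mirrors the answer; the extra checks below are assumptions of this script.
"""
import json
import re
from pathlib import Path

# Calendar-style ISO 8601 duration only: P[nY][nM][nW][nD]. Time parts (PT...) are rejected.
_DURATION_RE = re.compile(r"^P(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)W)?(?:(\d+)D)?$")


def duration_to_days(value: str) -> int:
    """Turn e.g. 'P18M' or 'P2Y' into an approximate day count (365-day years,
    30-day months). Only used to order durations, so the approximation is fine."""
    m = _DURATION_RE.match(value or "")
    if not m or value == "P":
        raise ValueError(f"not an ISO 8601 calendar duration: {value!r}")
    years, months, weeks, days = (int(g) if g else 0 for g in m.groups())
    return years * 365 + months * 30 + weeks * 7 + days


def build_rotation_policy(rotate_after: str, expire_after: str) -> dict:
    """Return a policy dict that rotates the key `rotate_after` after creation and
    sets new versions to expire `expire_after` after creation."""
    rotate_days = duration_to_days(rotate_after)
    expire_days = duration_to_days(expire_after)
    # Assumed sanity check: a key version should be rotated before it expires.
    if expire_days <= rotate_days:
        raise ValueError(
            f"expiry {expire_after} must be later than rotation trigger {rotate_after}")
    return {
        "lifetimeActions": [
            {
                "trigger": {"timeAfterCreate": rotate_after, "timeBeforeExpiry": None},
                "action": {"type": "Rotate"},
            }
        ],
        "attributes": {"expiryTime": expire_after},
    }


def validate_policy(policy: dict) -> list:
    """Check a hand-written policy dict and return a list of problems (empty if OK).
    Only the Rotate action shown in the answer is accepted by this checker."""
    problems = []
    actions = policy.get("lifetimeActions")
    if not isinstance(actions, list) or not actions:
        problems.append("lifetimeActions must be a non-empty list")
        actions = []
    for i, entry in enumerate(actions):
        trigger = entry.get("trigger") or {}
        action = entry.get("action") or {}
        if action.get("type") != "Rotate":
            problems.append(f"lifetimeActions[{i}].action.type must be 'Rotate'")
        after_create = trigger.get("timeAfterCreate")
        before_expiry = trigger.get("timeBeforeExpiry")
        # Exactly one trigger field should be set; the other stays null.
        if (after_create is None) == (before_expiry is None):
            problems.append(
                f"lifetimeActions[{i}].trigger needs exactly one of timeAfterCreate/timeBeforeExpiry")
        for name, val in (("timeAfterCreate", after_create), ("timeBeforeExpiry", before_expiry)):
            if val is not None:
                try:
                    duration_to_days(val)
                except ValueError:
                    problems.append(f"lifetimeActions[{i}].trigger.{name} is not an ISO 8601 duration: {val!r}")
    expiry = (policy.get("attributes") or {}).get("expiryTime")
    if expiry is None:
        problems.append("attributes.expiryTime is missing")
    else:
        try:
            duration_to_days(expiry)
        except ValueError:
            problems.append(f"attributes.expiryTime is not an ISO 8601 duration: {expiry!r}")
    return problems


def write_policy_file(policy: dict, path: str) -> str:
    """Write the policy as JSON (the file passed to --value) and return its path."""
    Path(path).write_text(json.dumps(policy, indent=2) + "\n", encoding="utf-8")
    return path


def az_commands(hsm_name: str, key_name: str, policy_path: str) -> list:
    """The two CLI commands from the answer, with placeholders filled in."""
    return [
        f"az keyvault key rotation-policy update --hsm-name {hsm_name} --name {key_name} --value {policy_path}",
        f"az keyvault key rotate --hsm-name {hsm_name} --name {key_name}",
    ]


if __name__ == "__main__":
    policy = build_rotation_policy("P18M", "P2Y")  # same values as the answer
    assert validate_policy(policy) == []
    path = write_policy_file(policy, "policy.json")
    print("\n".join(az_commands("<hsm-name>", "<key-name>", path)))
```

Run it once to produce `policy.json` and the two commands; run `validate_policy` over `json.load(open("policy.json"))` if you edit the file by hand before applying it with the CLI.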