How to create a policy to force enabling of key rotation in Azure KV?

Z.K.Z 206 Reputation points
2022-05-06T08:01:17.403+00:00

Hello community,

Are there any custom or built-in policies targeting the key rotation policy inside an Azure Key Vault? Since the rotation policy feature has been added lately, I suspect that there aren't any built-in policies yet. I'm trying to create a custom policy to force enabling the key rotation feature for new keys. In other words, the 'Enable auto rotation' button below should be ticked when creating a new key.

[Image: 199544-image.png]

But I haven't found the right mode. I think it should be Microsoft.KeyVault.Data, and for a similar policy, 'Key Vault keys should have an expiration date', the target is Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn, but what would it be for the key rotation feature?

Thanks and best regards!

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

Accepted answer
  1. JamesTran-MSFT 36,456 Reputation points Microsoft Employee
    2022-05-24T21:49:39.183+00:00

    @Z.K.Z
    Thank you for your time and patience on this!

    I received a response from our KV team and since the AKV Key auto rotation feature is fairly new, it has yet to onboard to Azure Policies but is on the roadmap. Since there's currently no option to leverage Azure Policies for the key rotation, I've created an internal feature request, so our engineering team is aware of the demand for this feature.

    Additional Links:
    Azure User Voice Forum
    How to configure automatic key rotation (preview) in Azure Key Vault

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.
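
While no Azure Policy target exists for rotation, the setting can still be audited outside of Azure Policy. The following is an added example, not code from this thread or from Microsoft: it checks rotation-policy documents for a usable Rotate action. It assumes the policies have already been exported in the Key Vault rotation-policy JSON shape (lifetimeActions entries with a trigger and an action type); the key names and sample documents are constructed.

```python
import json

# Constructed sample policies in the Key Vault rotation-policy JSON shape
# (lifetimeActions / trigger / action). Key names are made up for illustration.
SAMPLE_POLICIES = {
    "app-signing-key": """{"lifetimeActions": [
        {"trigger": {"timeAfterCreate": "P90D"}, "action": {"type": "Rotate"}},
        {"trigger": {"timeBeforeExpiry": "P30D"}, "action": {"type": "Notify"}}],
        "attributes": {"expiryTime": "P1Y"}}""",
    # Only a Notify action: the key is never rotated automatically.
    "legacy-wrap-key": """{"lifetimeActions": [
        {"trigger": {"timeBeforeExpiry": "P30D"}, "action": {"type": "Notify"}}],
        "attributes": {"expiryTime": null}}""",
    # A Rotate action without any trigger can never fire.
    "broken-rotate-key": """{"lifetimeActions": [
        {"trigger": {}, "action": {"type": "rotate"}}]}""",
}


def rotation_trigger(policy: dict):
    """Return the trigger duration of the first usable Rotate action, or None."""
    for item in policy.get("lifetimeActions") or []:
        action = ((item.get("action") or {}).get("type") or "").lower()
        trigger = item.get("trigger") or {}
        when = trigger.get("timeAfterCreate") or trigger.get("timeBeforeExpiry")
        if action == "rotate" and when:
            return when
    return None


def audit(policies: dict) -> dict:
    """Map key name -> rotation trigger, or None when auto rotation is off."""
    return {name: rotation_trigger(json.loads(raw)) for name, raw in policies.items()}


def non_compliant(policies: dict) -> list:
    """Sorted names of keys whose policy has no usable Rotate action."""
    return sorted(name for name, trig in audit(policies).items() if trig is None)


if __name__ == "__main__":
    for name, trig in audit(SAMPLE_POLICIES).items():
        print(f"{name}: {'rotates, trigger ' + trig if trig else 'NO AUTO ROTATION'}")
```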