Set-AzKeyVaultKeyRotationPolicy
Sets the key rotation policy for the specified key in Key Vault.
Syntax
ByVaultName (Default)
Set-AzKeyVaultKeyRotationPolicy
[-VaultName] <String>
[-Name] <String>
[-ExpiresIn <String>]
[-KeyRotationLifetimeAction <PSKeyRotationLifetimeAction[]>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetByRotationPolicyFileViaVaultName
Set-AzKeyVaultKeyRotationPolicy
[-VaultName] <String>
[-Name] <String>
-PolicyPath <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzKeyVaultKeyRotationPolicy
[-InputObject] <PSKeyVaultKeyIdentityItem>
[-ExpiresIn <String>]
[-KeyRotationLifetimeAction <PSKeyRotationLifetimeAction[]>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzKeyVaultKeyRotationPolicy
[-InputObject] <PSKeyVaultKeyIdentityItem>
-PolicyPath <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzKeyVaultKeyRotationPolicy
[-KeyRotationPolicy] <PSKeyRotationPolicy>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
This cmdlet requires the key update permission. It returns a key rotation policy for the specified key.
Examples
Example 1: Sets key rotation policy by JSON file
<#
rotation_policy.json
{
"lifetimeActions": [
{
"trigger": {
"timeAfterCreate": "P18M",
"timeBeforeExpiry": null
},
"action": {
"type": "Rotate"
}
},
{
"trigger": {
"timeBeforeExpiry": "P30D"
},
"action": {
"type": "Notify"
}
}
],
"attributes": {
"expiryTime": "P2Y"
}
}
#>
Set-AzKeyVaultKeyRotationPolicy -VaultName test-kv -Name test-key -PolicyPath rotation_policy.json
Id : https://test-kv.vault.azure.net/keys/test-key/rotationpolicy
VaultName : test-kv
KeyName : test-keyAM +00:00
LifetimeActions : {[Action: Notify, TimeAfterCreate: , TimeBeforeExpiry: P30D]}
ExpiresIn : P2Y
CreatedOn : 12/10/2021 3:21:51 AM +00:00
UpdatedOn : 6/9/2022 7:43:27
These commands set the rotation policy of key test-key by JSON file.
Example 2: Sets key rotation policy expiry time
Set-AzKeyVaultKeyRotationPolicy -VaultName test-kv -Name test-key -ExpiresIn P2Y
Id : https://test-kv.vault.azure.net/keys/test-key/rotationpolicy
VaultName : test-kv
KeyName : test-keyAM +00:00
LifetimeActions : {[Action: Notify, TimeAfterCreate: , TimeBeforeExpiry: P30D]}
ExpiresIn : P2Y
CreatedOn : 12/10/2021 3:21:51 AM +00:00
UpdatedOn : 6/9/2022 7:43:27
These commands set the expiry time will be applied on the new key version of test-key as 2 years.
Example 3: Sets key rotation policy via piping
Get-AzKeyVaultKey -VaultName test-kv -Name test-key | Set-AzKeyVaultKeyRotationPolicy -KeyRotationLifetimeAction @{Action = "Rotate"; TimeBeforeExpiry = "P18M"}
Id : https://test-kv.vault.azure.net/keys/test-key/rotationpolicy
VaultName : test-kv
KeyName : test-key
LifetimeActions : {[Action: Rotate, TimeAfterCreate: , TimeBeforeExpiry: P18M], [Action: Notify, TimeAfterCreate: ,
TimeBeforeExpiry: P30D]}
ExpiresIn : P2Y
CreatedOn : 12/10/2021 3:21:51 AM +00:00
UpdatedOn : 6/9/2022 8:10:43 AM +00:00
These commands set the duration before expiry to attempt to rotate test-key as 18 months.
Example 4: Copy key rotation policy to another key via PSKeyRotationPolicy object
$policy = Get-AzKeyVaultKeyRotationPolicy -VaultName test-kv -Name test-key1
$policy.KeyName = "test-key2"
$policy | Set-AzKeyVaultKeyRotationPolicy
Id : https://test-kv.vault.azure.net/keys/test-key2/rotationpolicy
VaultName : test-kv
KeyName : test-key2
LifetimeActions : {[Action: Rotate, TimeAfterCreate: , TimeBeforeExpiry: P18M], [Action: Notify, TimeAfterCreate: ,
TimeBeforeExpiry: P30D]}
ExpiresIn : P2Y
CreatedOn : 6/9/2022 8:26:35 AM +00:00
UpdatedOn : 6/9/2022 8:26:35 AM +00:00
These commands copy the key rotation policy test-key1 to key test-key2.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ExpiresIn
The expiryTime will be applied on the new key version. It should be at least 28 days. It will be in ISO 8601 Format. Examples: 90 days: P90D, 3 months: P3M, 48 hours: PT48H, 1 year and 10 days: P1Y10D.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByVaultName
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByKeyInputObject
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
Key object
ByKeyInputObject
Position: 0 Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
SetByRotationPolicyFileViaKeyInputObject
Position: 0 Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-KeyRotationLifetimeAction
PSKeyRotationLifetimeAction object.
Parameter properties
Parameter sets
ByVaultName
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByKeyInputObject
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-KeyRotationPolicy
PSKeyRotationPolicy object.
Parameter properties
Parameter sets
ByKeyRotationPolicyInputObject
Position: 0 Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-Name
Key name.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: KeyName
Parameter sets
ByVaultName
Position: 1 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
SetByRotationPolicyFileViaVaultName
Position: 1 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-PolicyPath
A path to the rotation policy file that contains JSON policy definition.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetByRotationPolicyFileViaVaultName
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
SetByRotationPolicyFileViaKeyInputObject
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-VaultName
Vault name.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByVaultName
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
SetByRotationPolicyFileViaVaultName
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
