az keyvault key rotation-policy
Manage key's rotation policy.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az keyvault key rotation-policy show |
Get the rotation policy of a Key Vault key. |
Core | GA |
| az keyvault key rotation-policy update |
Update the rotation policy of a Key Vault key. |
Core | GA |
az keyvault key rotation-policy show
Get the rotation policy of a Key Vault key.
az keyvault key rotation-policy show [--hsm-name]
[--id]
[--name]
[--vault-name]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of the HSM. (--hsm-name and --vault-name are mutually exclusive, please specify just one of them).
| Property | Value |
|---|---|
| Parameter group: | Id Arguments |
Id of the key. If specified all other 'Id' arguments should be omitted.
| Property | Value |
|---|---|
| Parameter group: | Id Arguments |
Name of the key. Required if --id is not specified.
Name of the Vault.
| Property | Value |
|---|---|
| Parameter group: | Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az keyvault key rotation-policy update
Update the rotation policy of a Key Vault key.
az keyvault key rotation-policy update --value
[--hsm-name]
[--id]
[--name]
[--vault-name]Examples
Set rotation policy using json file
az keyvault key rotation-policy update -n mykey --vault-name mykeyvault --value path/to/policy.json
A valid example for policy.json is:
{
"lifetimeActions": [
{
"trigger": {
"timeAfterCreate": "P90D", // ISO 8601 duration. For example: 90 days is "P90D", 3 months is "P3M", and 48 hours is "PT48H".
"timeBeforeExpiry" : null
},
"action": {
"type": "Rotate"
}
},
{
"trigger": {
"timeBeforeExpiry" : "P30D" // ISO 8601 duration.
},
"action": {
"type": "Notify"
}
}
],
"attributes": {
"expiryTime": "P2Y" // ISO 8601 duration.
}
}Required Parameters
The rotation policy file definition as JSON, or a path to a file containing JSON policy definition.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of the HSM. (--hsm-name and --vault-name are mutually exclusive, please specify just one of them).
| Property | Value |
|---|---|
| Parameter group: | Id Arguments |
Id of the key. If specified all other 'Id' arguments should be omitted.
| Property | Value |
|---|---|
| Parameter group: | Id Arguments |
Name of the key. Required if --id is not specified.
Name of the Vault.
| Property | Value |
|---|---|
| Parameter group: | Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
