![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 57.00000000000001%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,367 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 89%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHE%3C/text%3E%3C/svg%3E)
Hi @Robos •
Thanks for posting your question in the Microsoft Q&A forum.
According to your query, the key rotation policy is defined with a lifetime, and the key should rotate within 30 days before expiration. However, if you don't set the key expiration (expire_on) when creating the key, it will not rotate automatically.
Key rotation policy settings:
- Expiry time: key expiration interval (minimum 28 days). It is used to set expiration date on a newly rotated key (e.g. after rotation, the new key is set to expire in 30 days).
- Rotation types:
Automatically renew at a given time after creation
Automatically renew at a given time before expiry. 'Expiration Date' must be set on the key for this event to fire.
For additional information refer this links: https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/key-rotation#key-rotation-policy
https://learn.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation#key-rotation-policy
Hope this helps. Do let us know if you any further queries.
Best Regards,
Harshitha Eligeti.