Get Key Rotation Policy - Get Key Rotation Policy
Lists the policy for a key.
The GetKeyRotationPolicy operation returns the specified key policy resources in the specified key vault. This operation requires the keys/get permission.
GET {vaultBaseUrl}/keys/{key-name}/rotationpolicy?api-version=7.4
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
key-name | path | True | string | The name of the key in a given key vault. |
vaultBaseUrl | path | True | string | The vault name, for example https://myvault.vault.azure.net. |
api-version | query | True | string | Client API version. |
Responses
Name | Type | Description |
---|---|---|
200 OK | | The key rotation policy. |
Other Status Codes | | Key Vault error response describing why the operation failed. |
Examples
GetKeyRotationPolicy
Sample request
GET https://myvault.vault.azure.net/keys/key01/rotationpolicy?api-version=7.4
Sample response
{
  "id": "https://myvault.vault.azure.net/keys/key01/rotationpolicy",
  "lifetimeActions": [
    {
      "trigger": {
        "timeAfterCreate": "P90D"
      },
      "action": {
        "type": "Rotate"
      }
    },
    {
      "trigger": {
        "timeBeforeExpiry": "P30D"
      },
      "action": {
        "type": "Notify"
      }
    }
  ],
  "attributes": {
    "expiryTime": "P2Y",
    "created": 1482188947,
    "updated": 1482188948
  }
}
Definitions
Name | Description |
---|---|
ActionType | The type of the action. The value should be compared case-insensitively. |
Error | The key vault server error. |
KeyRotationPolicy | Management policy for a key. |
KeyRotationPolicyAttributes | The key rotation policy attributes. |
KeyVaultError | The key vault error exception. |
LifetimeActions | Action and its trigger that will be performed by Key Vault over the lifetime of a key. |
LifetimeActionsTrigger | A condition to be satisfied for an action to be executed. |
LifetimeActionsType | The action that will be executed. |
ActionType
The type of the action. The value should be compared case-insensitively.
Name | Type | Description |
---|---|---|
Notify | string | Trigger Event Grid events. Defaults to 30 days before expiry. Key Vault only. |
Rotate | string | Rotate the key based on the key policy. |
Error
The key vault server error.
Name | Type | Description |
---|---|---|
code | string | The error code. |
innererror | | The key vault server error. |
message | string | The error message. |
KeyRotationPolicy
Management policy for a key.
Name | Type | Description |
---|---|---|
attributes | | The key rotation policy attributes. |
id | string | The key policy id. |
lifetimeActions | | Actions that will be performed by Key Vault over the lifetime of a key. For preview, lifetimeActions can have at most two items: one for rotate, one for notify. Notification time defaults to 30 days before expiry and is not configurable. |
KeyRotationPolicyAttributes
The key rotation policy attributes.
Name | Type | Description |
---|---|---|
created | integer | The key rotation policy created time in UTC. |
expiryTime | string | The expiryTime will be applied on the new key version. It should be at least 28 days. It will be in ISO 8601 format. Examples: 90 days: P90D, 3 months: P3M, 48 hours: PT48H, 1 year and 10 days: P1Y10D |
updated | integer | The key rotation policy's last updated time in UTC. |
KeyVaultError
The key vault error exception.
Name | Type | Description |
---|---|---|
error | | The key vault server error. |
LifetimeActions
Action and its trigger that will be performed by Key Vault over the lifetime of a key.
Name | Type | Description |
---|---|---|
action | | The action that will be executed. |
trigger | | The condition that will execute the action. |
LifetimeActionsTrigger
A condition to be satisfied for an action to be executed.
Name | Type | Description |
---|---|---|
timeAfterCreate | string | Time after creation to attempt to rotate. It only applies to rotate. It will be in ISO 8601 duration format. Example: 90 days: "P90D" |
timeBeforeExpiry | string | Time before expiry to attempt to rotate or notify. It will be in ISO 8601 duration format. Example: 90 days: "P90D" |
LifetimeActionsType
The action that will be executed.
Name | Type | Description |
---|---|---|
type | | The type of the action. The value should be compared case-insensitively. |
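
The following is an added example, not part of the original reference or of any Microsoft SDK: a Python audit of a GetKeyRotationPolicy response body that applies the rules stated above (case-insensitive action type, ISO 8601 durations, 28-day minimum expiryTime). The function names, the `max_rotate_days` baseline, the 365-day year and 30-day month approximations, and the reading that a `timeBeforeExpiry` rotate fires at expiryTime minus that duration are assumptions.

```python
import json
import re

# Constructed input: this page's sample response, with "Rotate" lower-cased
# to exercise the case-insensitive comparison the ActionType text asks for.
SAMPLE_POLICY = json.loads("""{
  "id": "https://myvault.vault.azure.net/keys/key01/rotationpolicy",
  "lifetimeActions": [
    {"trigger": {"timeAfterCreate": "P90D"}, "action": {"type": "rotate"}},
    {"trigger": {"timeBeforeExpiry": "P30D"}, "action": {"type": "Notify"}}],
  "attributes": {"expiryTime": "P2Y", "created": 1482188947, "updated": 1482188948}
}""")

_DURATION = re.compile(r"^P(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)W)?(?:(\d+)D)?"
                       r"(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def duration_days(text):
    """Approximate an ISO 8601 duration in days (assumption: 1Y=365d, 1M=30d)."""
    m = _DURATION.match(text)
    if not m or not any(m.groups()):
        raise ValueError(f"not an ISO 8601 duration: {text!r}")
    y, mo, w, d, h, mi, s = (int(g or 0) for g in m.groups())
    return y * 365 + mo * 30 + w * 7 + d + h / 24 + mi / 1440 + s / 86400

def audit_policy(policy, max_rotate_days=365):
    """Return findings for one policy; max_rotate_days is a local baseline."""
    findings = []
    expiry = (policy.get("attributes") or {}).get("expiryTime")
    expiry_days = duration_days(expiry) if expiry else None
    if expiry_days is not None and expiry_days < 28:
        findings.append("expiryTime is below the documented 28-day minimum")
    rotate_ages = []  # key age in days at which each Rotate action fires
    for item in policy.get("lifetimeActions") or []:
        if (item.get("action") or {}).get("type", "").casefold() != "rotate":
            continue
        trig = item.get("trigger") or {}
        if "timeAfterCreate" in trig:
            rotate_ages.append(duration_days(trig["timeAfterCreate"]))
        elif "timeBeforeExpiry" in trig and expiry_days is not None:
            rotate_ages.append(expiry_days - duration_days(trig["timeBeforeExpiry"]))
    if not rotate_ages:
        findings.append("no usable Rotate action: key is not rotated automatically")
    elif min(rotate_ages) > max_rotate_days:
        findings.append(f"rotation at {min(rotate_ages):g} days exceeds {max_rotate_days}")
    return findings

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY) or "policy passes")
```
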