Editar

Compartir a través de


Set-AzKeyVaultKeyRotationPolicy

Sets the key rotation policy for the specified key in Key Vault.

Syntax

Set-AzKeyVaultKeyRotationPolicy
   [-VaultName] <String>
   [-Name] <String>
   [-ExpiresIn <String>]
   [-KeyRotationLifetimeAction <PSKeyRotationLifetimeAction[]>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzKeyVaultKeyRotationPolicy
   [-VaultName] <String>
   [-Name] <String>
   -PolicyPath <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzKeyVaultKeyRotationPolicy
   [-InputObject] <PSKeyVaultKeyIdentityItem>
   [-ExpiresIn <String>]
   [-KeyRotationLifetimeAction <PSKeyRotationLifetimeAction[]>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzKeyVaultKeyRotationPolicy
   [-InputObject] <PSKeyVaultKeyIdentityItem>
   -PolicyPath <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzKeyVaultKeyRotationPolicy
   [-KeyRotationPolicy] <PSKeyRotationPolicy>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

This cmdlet requires the key update permission. It returns a key rotation policy for the specified key.

Examples

Example 1: Sets key rotation policy by JSON file

<# 
rotation_policy.json
{
    "lifetimeActions": [
      {
        "trigger": {
          "timeAfterCreate": "P18M",
          "timeBeforeExpiry": null
        },
        "action": {
          "type": "Rotate"
        }
      },
      {
        "trigger": {
          "timeBeforeExpiry": "P30D"
        },
        "action": {
          "type": "Notify"
        }
      }
    ],
    "attributes": {
      "expiryTime": "P2Y"
    }
  }
#>
Set-AzKeyVaultKeyRotationPolicy -VaultName test-kv -Name test-key -PolicyPath rotation_policy.json

Id              : https://test-kv.vault.azure.net/keys/test-key/rotationpolicy
VaultName       : test-kv
KeyName         : test-keyAM +00:00
LifetimeActions : {[Action: Notify, TimeAfterCreate: , TimeBeforeExpiry: P30D]}
ExpiresIn       : P2Y
CreatedOn       : 12/10/2021 3:21:51 AM +00:00
UpdatedOn       : 6/9/2022 7:43:27

These commands set the rotation policy of key test-key by JSON file.

Example 2: Sets key rotation policy expiry time

Set-AzKeyVaultKeyRotationPolicy -VaultName test-kv -Name test-key -ExpiresIn P2Y

Id              : https://test-kv.vault.azure.net/keys/test-key/rotationpolicy
VaultName       : test-kv
KeyName         : test-keyAM +00:00
LifetimeActions : {[Action: Notify, TimeAfterCreate: , TimeBeforeExpiry: P30D]}
ExpiresIn       : P2Y
CreatedOn       : 12/10/2021 3:21:51 AM +00:00
UpdatedOn       : 6/9/2022 7:43:27

These commands set the expiry time will be applied on the new key version of test-key as 2 years.

Example 3: Sets key rotation policy via piping

Get-AzKeyVaultKey -VaultName test-kv -Name test-key | Set-AzKeyVaultKeyRotationPolicy -KeyRotationLifetimeAction @{Action = "Rotate"; TimeBeforeExpiry = "P18M"}

Id              : https://test-kv.vault.azure.net/keys/test-key/rotationpolicy
VaultName       : test-kv
KeyName         : test-key
LifetimeActions : {[Action: Rotate, TimeAfterCreate: , TimeBeforeExpiry: P18M], [Action: Notify, TimeAfterCreate: ,
                  TimeBeforeExpiry: P30D]}
ExpiresIn       : P2Y
CreatedOn       : 12/10/2021 3:21:51 AM +00:00
UpdatedOn       : 6/9/2022 8:10:43 AM +00:00

These commands set the duration before expiry to attempt to rotate test-key as 18 months.

Example 4: Copy key rotation policy to another key via PSKeyRotationPolicy object

$policy = Get-AzKeyVaultKeyRotationPolicy -VaultName test-kv -Name test-key1
$policy.KeyName = "test-key2"
$policy | Set-AzKeyVaultKeyRotationPolicy

Id              : https://test-kv.vault.azure.net/keys/test-key2/rotationpolicy
VaultName       : test-kv
KeyName         : test-key2
LifetimeActions : {[Action: Rotate, TimeAfterCreate: , TimeBeforeExpiry: P18M], [Action: Notify, TimeAfterCreate: ,
                  TimeBeforeExpiry: P30D]}
ExpiresIn       : P2Y
CreatedOn       : 6/9/2022 8:26:35 AM +00:00
UpdatedOn       : 6/9/2022 8:26:35 AM +00:00

These commands copy the key rotation policy test-key1 to key test-key2.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ExpiresIn

The expiryTime will be applied on the new key version. It should be at least 28 days. It will be in ISO 8601 Format. Examples: 90 days: P90D, 3 months: P3M, 48 hours: PT48H, 1 year and 10 days: P1Y10D.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Key object

Type:PSKeyVaultKeyIdentityItem
Aliases:Key
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-KeyRotationLifetimeAction

PSKeyRotationLifetimeAction object.

Type:PSKeyRotationLifetimeAction[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KeyRotationPolicy

PSKeyRotationPolicy object.

Type:PSKeyRotationPolicy
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Name

Key name.

Type:String
Aliases:KeyName
Position:1
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-PolicyPath

A path to the rotation policy file that contains JSON policy definition.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-VaultName

Vault name.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

PSKeyRotationPolicy

PSKeyVaultKeyIdentityItem

Outputs

PSKeyRotationPolicy