Set-AzKeyVaultKeyRotationPolicy

Module:

Az.KeyVault Module

Sets the key rotation policy for the specified key in Key Vault.

Set-AzKeyVaultKeyRotationPolicy
 [-VaultName] <String>
 [-Name] <String>
 [-ExpiresIn <String>]
 [-KeyRotationLifetimeAction <PSKeyRotationLifetimeAction[]>]
 [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

Set-AzKeyVaultKeyRotationPolicy
 [-VaultName] <String>
 [-Name] <String>
 -PolicyPath <String>
 [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

Set-AzKeyVaultKeyRotationPolicy
 [-InputObject] <PSKeyVaultKeyIdentityItem>
 [-ExpiresIn <String>]
 [-KeyRotationLifetimeAction <PSKeyRotationLifetimeAction[]>]
 [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

Set-AzKeyVaultKeyRotationPolicy
 [-InputObject] <PSKeyVaultKeyIdentityItem>
 -PolicyPath <String>
 [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

Set-AzKeyVaultKeyRotationPolicy
 [-KeyRotationPolicy] <PSKeyRotationPolicy>
 [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

This cmdlet requires the key update permission. It returns a key rotation policy for the specified key.

<#
rotation_policy.json
{
 "lifetimeActions": [
 {
 "trigger": {
 "timeAfterCreate": "P18M",
 "timeBeforeExpiry": null
 },
 "action": {
 "type": "Rotate"
 }
 },
 {
 "trigger": {
 "timeBeforeExpiry": "P30D"
 },
 "action": {
 "type": "Notify"
 }
 }
 ],
 "attributes": {
 "expiryTime": "P2Y"
 }
 }
#>
Set-AzKeyVaultKeyRotationPolicy -VaultName test-kv -Name test-key -PolicyPath rotation_policy.json

Id : https://test-kv.vault.azure.net/keys/test-key/rotationpolicy
VaultName : test-kv
KeyName : test-keyAM +00:00
LifetimeActions : {[Action: Notify, TimeAfterCreate: , TimeBeforeExpiry: P30D]}
ExpiresIn : P2Y
CreatedOn : 12/10/2021 3:21:51 AM +00:00
UpdatedOn : 6/9/2022 7:43:27

These commands set the rotation policy of key test-key by JSON file.

Set-AzKeyVaultKeyRotationPolicy -VaultName test-kv -Name test-key -ExpiresIn P2Y

Id : https://test-kv.vault.azure.net/keys/test-key/rotationpolicy
VaultName : test-kv
KeyName : test-keyAM +00:00
LifetimeActions : {[Action: Notify, TimeAfterCreate: , TimeBeforeExpiry: P30D]}
ExpiresIn : P2Y
CreatedOn : 12/10/2021 3:21:51 AM +00:00
UpdatedOn : 6/9/2022 7:43:27

These commands set the expiry time will be applied on the new key version of test-key as 2 years.

Get-AzKeyVaultKey -VaultName test-kv -Name test-key | Set-AzKeyVaultKeyRotationPolicy -KeyRotationLifetimeAction @{Action = "Rotate"; TimeBeforeExpiry = "P18M"}

Id : https://test-kv.vault.azure.net/keys/test-key/rotationpolicy
VaultName : test-kv
KeyName : test-key
LifetimeActions : {[Action: Rotate, TimeAfterCreate: , TimeBeforeExpiry: P18M], [Action: Notify, TimeAfterCreate: ,
 TimeBeforeExpiry: P30D]}
ExpiresIn : P2Y
CreatedOn : 12/10/2021 3:21:51 AM +00:00
UpdatedOn : 6/9/2022 8:10:43 AM +00:00

These commands set the duration before expiry to attempt to rotate test-key as 18 months.

$policy = Get-AzKeyVaultKeyRotationPolicy -VaultName test-kv -Name test-key1
$policy.KeyName = "test-key2"
$policy | Set-AzKeyVaultKeyRotationPolicy

Id : https://test-kv.vault.azure.net/keys/test-key2/rotationpolicy
VaultName : test-kv
KeyName : test-key2
LifetimeActions : {[Action: Rotate, TimeAfterCreate: , TimeBeforeExpiry: P18M], [Action: Notify, TimeAfterCreate: ,
 TimeBeforeExpiry: P30D]}
ExpiresIn : P2Y
CreatedOn : 6/9/2022 8:26:35 AM +00:00
UpdatedOn : 6/9/2022 8:26:35 AM +00:00

These commands copy the key rotation policy test-key1 to key test-key2.

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.