Set-AzKeyVaultKeyRotationPolicy

Reference

Module:: Az.KeyVault

Sets the key rotation policy for the specified key in Key Vault.

Note

This is the previous version of our documentation. Please consult the most recent version for up-to-date information.

Syntax

Set-AzKeyVaultKeyRotationPolicy
   [-ExpiresIn <TimeSpan>]
   [-KeyRotationLifetimeAction <PSKeyRotationLifetimeAction[]>]
   [-VaultName] <String>
   [-Name] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Set-AzKeyVaultKeyRotationPolicy
   [-KeyRotationPolicy] <PSKeyRotationPolicy>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Set-AzKeyVaultKeyRotationPolicy
   [-ExpiresIn <TimeSpan>]
   [-KeyRotationLifetimeAction <PSKeyRotationLifetimeAction[]>]
   [-InputObject] <PSKeyVaultKeyIdentityItem>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

This cmdlet requires the key update permission. It returns a key rotation policy for the specified key.

Examples

Example 1: Sets key rotation policy expiry time

$t = New-TimeSpan -Days 50
Set-AzKeyVaultKeyRotationPolicy -VaultName test-kv -Name test-key -ExpiresIn $t

Id              : https://test-kv.vault.azure.net/keys/test-key/rotationpolicy
VaultName       : test-kv
KeyName         : test-key
LifetimeActions : {[Action: Notify, TimeAfterCreate: , TimeBeforeExpiry: 30.00:00:00]}
ExpiresIn       : 50.00:00:00
CreatedOn       : 12/10/2021 3:21:51 AM +00:00
UpdatedOn       : 12/10/2021 3:22:14 AM +00:00

These cmdlets set the key rotation policy expiry time of test-key as 50 days.

Example 2: Sets key rotation policy by InputObject

$key = Get-AzKeyVaultKey -VaultName test-kv -Name test-key
$action = [Microsoft.Azure.Commands.KeyVault.Models.PSKeyRotationLifetimeAction]::new()
$action.Action = "Rotate"
$action.TimeBeforeExpiry = New-TimeSpan -Days 30
Set-AzKeyVaultKeyRotationPolicy -InputObject $key -KeyRotationLifetimeAction $action

Id              : https://test-kv.vault.azure.net/keys/test-key/rotationpolicy
VaultName       : test-kv
KeyName         : test-key
LifetimeActions : {[Action: Rotate, TimeAfterCreate: , TimeBeforeExpiry: 30.00:00:00], [Action: Notify,
                  TimeAfterCreate: , TimeBeforeExpiry: 30.00:00:00]}
ExpiresIn       : 50.00:00:00
CreatedOn       : 12/10/2021 3:21:51 AM +00:00
UpdatedOn       : 12/14/2021 5:26:28 AM +00:00

These cmdlets set the key rotation policy expiry time of test-key as 50 days.

Example 3: Sets key rotation policy by PSKeyRotationPolicy object

$key = Get-AzKeyVaultKey -VaultName test-kv -Name test-key
$policy = Get-AzKeyVaultKeyRotationPolicy $key
$policy.ExpiresIn = New-TimeSpan -Days 60
Set-AzKeyVaultKeyRotationPolicy -KeyRotationPolicy $policy

LifetimeActions : {[Action: Rotate, TimeAfterCreate: , TimeBeforeExpiry: 30.00:00:00], [Action: Notify,
                  TimeAfterCreate: , TimeBeforeExpiry: 30.00:00:00]}
ExpiresIn       : 60.00:00:00
CreatedOn       : 12/10/2021 3:21:51 AM +00:00
UpdatedOn       : 12/14/2021 5:34:00 AM +00:00

These cmdlets set the key rotation policy expiry time of test-key as 50 days.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-ExpiresIn

The time span when the key rotation policy will expire. It should be at least 28 days.

Type:	TimeSpan
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-InputObject

Key object

Type:	PSKeyVaultKeyIdentityItem
Aliases:	Key
Position:	0
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-KeyRotationLifetimeAction

PSKeyRotationLifetimeAction object.

Type:	PSKeyRotationLifetimeAction[]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-KeyRotationPolicy

PSKeyRotationPolicy object.

Type:	PSKeyRotationPolicy
Position:	0
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-Name

Key name.

Type:	String
Aliases:	KeyName
Position:	1
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-VaultName

Vault name.

Type:	String
Position:	0
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

PSKeyRotationPolicy

PSKeyVaultKeyIdentityItem

Outputs

PSKeyRotationPolicy

Set-AzKeyVaultKeyRotationPolicy

Syntax

Description

Examples

Example 1: Sets key rotation policy expiry time

Example 2: Sets key rotation policy by InputObject

Example 3: Sets key rotation policy by PSKeyRotationPolicy object

Parameters

Inputs

Outputs

Related Links