All Products
Search

This Product

    Key Management Service:UpdateRotationPolicy

    Document Center

    Key Management Service:UpdateRotationPolicy

    Last Updated:Sep 04, 2023

    Updates the automatic rotation policy of a key.

    After automatic rotation is enabled, a new key version is created and set to the primary version after the last rotation time plus the rotation period.

    Limits:

    • Only symmetric keys in KMS instances of the software key management type support key rotation.
    • Only keys in the Enabled state support key rotation. If a key is in the Disabled or Pending Deletion state, the key rotation feature is disabled. If the key re-enters the Enabled state, the key rotation feature is enabled.
    • Each key version of a key consumes the key quota. For example, if a key has three key versions, such as V1, V2, and V3, the key quota is deducted by 3.

    In this example, automatic key rotation is enabled for a key whose ID is key-hzz62f1cb66fa42qo****. The automatic rotation period is 30 days.

    Debugging

    OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

    Request parameters

    Parameter

    Type

    Required

    Example

    Description
    Action String Yes UpdateRotationPolicy

    The operation that you want to perform. Set the value to UpdateRotationPolicy.

    KeyId String Yes key-hzz62f1cb66fa42qo****

    The globally unique ID of the key.

    EnableAutomaticRotation Boolean Yes true

    Specifies whether to enable automatic key rotation. Valid values:

    • true

    • false

    RotationInterval String No 30d

    The period of automatic key rotation. Specify the value in the integer[unit] format. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day period. Valid values: 7 to 365 days.

    Note

    If EnableAutomaticRotation is set to true, you must configure this parameter. If EnableAutomaticRotation is not set to true, you do not need to configure this parameter.

    Response parameters

    Parameter

    Type

    Example

    Description
    RequestId String efb1cbbd-a093-4278-bc03-639dd4fcc207

    The request ID.

    Examples

    Sample requests

    http(s)://[Endpoint]/?Action=UpdateRotationPolicy
&KeyId=key-hzz62f1cb66fa42qo****
&EnableAutomaticRotation=true
&RotationInterval=30d
&<Common request parameters>

    Sample success responses

    XML format

    HTTP/1.1 200 OK
Content-Type:application/xml

<UpdateRotationPolicyResponse>
    <RequestId>efb1cbbd-a093-4278-bc03-639dd4fcc207</RequestId>
</UpdateRotationPolicyResponse>

    JSON format

    HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "efb1cbbd-a093-4278-bc03-639dd4fcc207"
}

    Error codes

    HttpCode

    Error code

    Error message

    Description
    400 InvalidParameter The specified parameter is not valid. The error message returned because the specified parameter is invalid.
    404 InvalidAccessKeyId.NotFound The Access Key ID provided does not exist in our records. The error message returned because the specified AccessKey ID is not found.
    404 Forbidden.KeyNotFound The specified Key is not found. The error message returned because the specified key does not exist.

    For a list of error codes, see Service error codes.