Enabling Key Rotation
This section describes how to enable rotation for a CMK on the KMS console.
By default, automatic key rotation is disabled for a CMK. Every time you enable key rotation, KMS automatically rotates CMKs based on the rotation period you set.
Prerequisites
- The CMK is enabled.
- The Origin of the CMK is KMS.
Constraints
A disabled CMK is never rotated, even if rotation is enabled for it.
KMS resumes rotation when this CMK is enabled. If you enable this CMK after one rotation period has passed, KMS will rotate it within 24 hours.
Procedure
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project. - Click
. Choose .
- Click the alias of the desired CMK to view its details.
Figure 1 CMK details
- Click the Rotation Policy tab. The rotation switch is displayed.
Figure 2 CMK rotation
- Click
to enable key rotation. - Configure the rotation period and click OK, as shown in Figure 3. For more information, see Table 1.
Table 1 Key rotation parameters Parameter
Description
CMK rotation
Rotation switch. The default status is
.
: disabled
: enabledAfter rotation is enabled, the CMK will be rotated based on your set period.
NOTE:A disabled CMK is never rotated, even if rotation is enabled for it.
KMS resumes rotation when this CMK is enabled. If you enable this CMK after one rotation period has passed, KMS will rotate it within 24 hours.
Rotation Period (day)
Rotation period (day). The value is an integer ranging from 30 to 365. The default value is 365.
Configure the period based on how often a CMK is used. If it is frequently used, configure a short period; otherwise, set a long one.
- Check rotation details, as shown in the following figure.
Figure 4 CMK rotation details
You can click
to change the rotation period. After the period is changed, KMS rotates the CMK by the new period.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
