Enabling Key Rotation
This section describes how to enable rotation for a key on the KMS console.
By default, automatic key rotation is disabled for a custom key. Every time you enable key rotation, KMS automatically rotates custom keys based on the rotation period you set.
Prerequisites
- The key is enabled.
- The Origin of the key is KMS.
- Only symmetric keys can be rotated.
Constraints
Procedure
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project. - Click
. Choose.
- Click the alias of the target custom key to view its details.
- Click the Rotation Policy tab. The rotation switch is displayed, as shown in Figure 1.
- Click
to enable key rotation. - Configure the rotation period and click OK, as shown in Figure 2. For more information, see Table 1.
Table 1 Key rotation parameters Parameter
Description
Key rotation
Rotation switch. The default status is
.
: disabled
: enabledAfter rotation is enabled, the key will be rotated based on your set period.
NOTE:A disabled custom key is never rotated, even if rotation is enabled for it.
KMS resumes rotation when this custom key is enabled. If you enable this custom key after one rotation period has passed, KMS will rotate it within 24 hours.
Rotation Period (day)
Rotation period (day). The value is an integer ranging from 30 to 365. The default value is 365.
Configure the period based on how often a custom key is used. If it is frequently used, configure a short period. Otherwise, set a long one.
- Check rotation details, as shown in the following figure.
Figure 3 Key rotation details
You can click
to change the rotation period. After the period is changed, KMS rotates the key by the new period.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
