articles/key-vault/managed-hsm/key-rotation.md
8 additions & 14 deletions
@@ -2,20 +2,22 @@
2
2
title: Configure key auto-rotation in Azure Key Vault Managed HSM
3
3
description: Use this guide to learn how to configure automated the rotation of a key in Azure Key Vault Managed HSM
4
4
services: key-vault
5
-
author: dhruviyer
5
+
author: msmbaldwin
6
6
tags: 'rotation'
7
7
ms.service: key-vault
8
8
ms.subservice: managed-hsm
9
9
ms.topic: tutorial
10
-
ms.date: 3/18/2021
11
-
ms.author: dhruviyer
10
+
ms.date: 11/04/2022
11
+
ms.author: mbaldwin
12
12
---
13
-
# Configure key auto-rotation in Azure Managed HSM (preview)
13
+
# Configure key auto-rotation in Azure Managed HSM
14
14
15
15
## Overview
16
16
17
-
Automated key rotation in Managed HSM allows users to configure Managed HSM to automatically generate a new key version at a specified frequency. You can set a rotation policy to configure rotation for each individual
18
-
key and optionally rotate keys on demand. Our recommendation is to rotate encryption keys at least every two years to meet cryptographic best practices. For additional guidance and recommendations, see [NIST SP 800-57 Part 1](https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final).
17
+
> [!NOTE]
18
+
> Key auto-rotation requires the [Azure CLI version 2.42.0 or above](/cli/azure/install-azure-cli).
19
+
>
20
+
Automated key rotation in Managed HSM allows users to configure Managed HSM to automatically generate a new key version at a specified frequency. You can set a rotation policy to configure rotation for each individual key and optionally rotate keys on demand. Our recommendation is to rotate encryption keys at least every two years to meet cryptographic best practices. For additional guidance and recommendations, see [NIST SP 800-57 Part 1](https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final).
19
21
20
22
This feature enables end-to-end zero-touch rotation for encryption at rest for Azure services with customer-managed keys (CMK) stored in Azure Managed HSM. Please refer to specific Azure service documentation to see if the service covers end-to-end rotation.
21
23
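Review bot: The bare `>` added on new line 19 is followed directly by the Overview paragraph on new line 20 with no blank line between them; replace the trailing `>` with an empty line so the end of the note block is explicit in the source and does not rely on how the renderer closes the quote. While the front matter is being edited, the unchanged `description:` on line 3 still reads "configure automated the rotation of a key" and could be corrected in the same change to "configure automated rotation of a key".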
@@ -125,14 +127,6 @@ Once a rotation policy is set for the key, you can also rotate the key on-demand
125
127
az keyvault key rotate --hsm-name <hsm-name> --name <key-name>
126
128
```
127
129
128
-
## Known issues
129
-
130
-
While automatic key rotation is in preview, known issues will be tracked in this section.
131
-
132
-
### `NoneType is not iterable` exception when Azure CLI receives an empty key rotation policy
133
-
134
-
When no key rotation policy is configured for a key, or an existing key rotation policy is deleted, AzCLI may report this error. This will be patched in a future version of AzCLI.
135
-
136
130
## Resources
137
131
138
132
-[Managed HSM role management](role-management.md)
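Review bot: The `NoneType is not iterable` text removed at old lines 132-134 was the only place the page named that error, and nothing in this change says which Azure CLI release fixed it. If the 2.42.0 requirement added in the Overview note is that release, say so there or keep a one-line troubleshooting entry, so readers on an older CLI who hit the exception with an empty or deleted rotation policy can connect it to the upgrade.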