articles/container-registry/tutorial-rotate-revoke-customer-managed-keys.md
Lines changed: 16 additions & 5 deletions
@@ -44,22 +44,33 @@ If you configure the registry for manual updating for a new key version, run the
44
44
> [!TIP]
45
45
> When you run `az-acr-encryption-rotate-key`, you can pass either a versioned key ID or an unversioned key ID. If you use an unversioned key ID, the registry is then configured to automatically detect later key version updates.
46
46
47
-
To update a customer-managed key version manually, you have two options:
47
+
To update a customer-managed key version manually, you have three options:
48
48
49
-
- Rotate the key and use a user-assigned identity.
49
+
- Rotate the key and use a client ID of a managed identity.
50
50
51
-
If you're using the key from a different key vault, verify that `principal-id-user-assigned-identity` has the `get`, `wrap`, and `unwrap` permissions on that key vault.
51
+
If you're using the key from a different key vault, verify the `identity` has the `get`, `wrap`, and `unwrap` permissions on that key vault.
52
52
53
53
```azurecli
54
54
az acr encryption rotate-key \
55
55
--name <registry-name> \
56
56
--key-encryption-key <new-key-id> \
57
-
--identity <principal-id-user-assigned-identity>
57
+
--identity <client ID of a managed identity>
58
58
```
59
59
60
+
- Rotate the key and use a user-assigned identity.
61
+
62
+
Before you use the user-assigned identity, verify that the `get`, `wrap`, and `unwrap` permissions are assigned to it.
63
+
64
+
```azurecli
65
+
az acr encryption rotate-key \
66
+
--name <registry-name> \
67
+
--key-encryption-key <new-key-id> \
68
+
--identity <id of user assigned identity>
69
+
```
70
+
60
71
- Rotate the key and use a system-assigned identity.
61
72
62
-
Before you use the system-assigned identity, verify that the `get`, `wrap`, and `unwrap` permissions are assigned to it.
73
+
Before you use the system-assigned identity, verify that the `get`, `wrap`, and `unwrap` permissions are assigned to it.
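Review bot: The two `--identity` placeholders, `<client ID of a managed identity>` in the first option and `<id of user assigned identity>` in the new second option, do not let a reader tell the options apart. A user-assigned identity is itself a managed identity, and the second placeholder never says which identifier it expects. Please name the identifier type in each placeholder, in the same kebab-case style as `<registry-name>` and `<new-key-id>`, and add a sentence stating when to pick the first option over the second. In the first option, the rewritten sentence "verify the `identity` has the `get`, `wrap`, and `unwrap` permissions" puts a generic word in code formatting where the old text named a specific value. Tie it to the placeholder passed to `--identity` so it is clear which principal needs those permissions on the other key vault. The final removed and added lines for the system-assigned identity show identical text, so confirm that the whitespace-only change is intended.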