Merge pull request #200411 from jlichwa/main

PRMerger18 · web-flow · commit 60d75789ba1f · 2022-06-03T10:27:30.000-07:00
Add powershell commands
diff --git a/articles/key-vault/keys/how-to-configure-key-rotation.md b/articles/key-vault/keys/how-to-configure-key-rotation.md
@@ -53,11 +53,11 @@ Key rotation policy settings:
 -   Rotation time: key rotation interval, the minimum value is seven days from creation and seven days from expiration time
 -   Notification time: key near expiry event interval for Event Grid notification. It requires 'Expiry Time' set on rotation policy and 'Expiration Date' set on the key. 
 
-:::image type="content" source="../media/keys/key-rotation/key-rotation-1.png" alt-text="Rotation policy configuration":::
-
 > [!IMPORTANT]
 > Key rotation generates a new key version of an existing key with new key material. Ensure that your data encryption solution uses versioned key uri to point to the same key material for encrypt/decrypt, wrap/unwrap operations to avoid disruption to your services. All Azure services are currently following that pattern for data encryption.
 
+:::image type="content" source="../media/keys/key-rotation/key-rotation-1.png" alt-text="Rotation policy configuration":::
+
 ## Configure key rotation policy
 
 Configure key rotation policy during key creation.
@@ -105,6 +105,19 @@ Set rotation policy on a key passing previously saved file using Azure CLI [az k
 az keyvault key rotation-policy update --vault-name <vault-name> --name <key-name> --value </path/to/policy.json>
 ```
 
+### Azure PowerShell
+
+Set rotation policy using Azure Powershell [Set-AzKeyVaultKeyRotationPolicy](/powershell/module/az.keyvault/set-azkeyvaultkeyrotationpolicy) cmdlet. 
+
+```powershell
+Get-AzKeyVaultKey -VaultName <vault-name> -Name <key-name>    
+$action = [Microsoft.Azure.Commands.KeyVault.Models.PSKeyRotationLifetimeAction]::new()
+$action.Action = "Rotate"
+$action.TimeAfterCreate = New-TimeSpan -Days 540
+$expiresIn = New-TimeSpan -Days 720                                                 
+Set-AzKeyVaultKeyRotationPolicy -InputObject $key -KeyRotationLifetimeAction $action -ExpiresIn $expiresIn
+```
+
 ## Rotation on demand
 
 Key rotation can be invoked manually.
@@ -122,6 +135,14 @@ Use Azure CLI [az keyvault key rotate](/cli/azure/keyvault/key#az-keyvault-key-r
 az keyvault key rotate --vault-name <vault-name> --name <key-name>
 ```
 
+### Azure PowerShell
+
+Use Azure PowerShell [Invoke-AzKeyVaultKeyRotation](/powershell/module/az.keyvault/invoke-azkeyvaultkeyrotation) cmdlet.
+
+```powershell
+Invoke-AzKeyVaultKeyRotation -VaultName <vault-name> -Name <key-name>
+```
+
 ## Configure key near expiry notification
 
 Configuration of expiry notification for Event Grid key near expiry event. You can configure notification with days, months and years before expiry to trigger near expiry event. 
