articles/key-vault/keys/how-to-configure-key-rotation.md
7 additions & 6 deletions
@@ -1,5 +1,5 @@
1
1
---
2
-
title: Configure key auto-rotation in Azure Key Vault
2
+
title: Configure cryptographic key auto-rotation in Azure Key Vault
3
3
description: Use this guide to learn how to configure automated the rotation of a key in Azure Key Vault
4
4
services: key-vault
5
5
author: msmbaldwin
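Review bot: The description on line 3 is left as unchanged context and still reads "configure automated the rotation of a key", which is ungrammatical and no longer matches the retitled page. Since the title on line 2 now says "cryptographic key auto-rotation", update the description in the same change, for example "Use this guide to learn how to configure automated rotation of a cryptographic key in Azure Key Vault".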
@@ -11,14 +11,16 @@ ms.topic: how-to
11
11
ms.date: 11/24/2021
12
12
ms.author: mbaldwin
13
13
---
14
-
# Configure key auto-rotation in Azure Key Vault
14
+
# Configure cryptographic key auto-rotation in Azure Key Vault
15
15
16
16
## Overview
17
+
Automated cryptographic key rotation in [Key Vault](../general/overview.md) allows users to configure Key Vault to automatically generate a new key version at a specified frequency. To configure roation you can use key rotation policy, which can be defined on each individual key.
17
18
18
-
Automated key rotation in [Key Vault](../general/overview.md) allows users to configure Key Vault to automatically generate a new key version at a specified frequency. For more information about how keys are versioned, see [Key Vault objects, identifiers, and versioning](../general/about-keys-secrets-certificates.md#objects-identifiers-and-versioning).
19
+
Our recommendation is to rotate encryption keys at least every two years to meet cryptographic best practices.
19
20
20
-
You can use rotation policy to configure rotation for each individual key. Our recommendation is to rotate encryption keys at least every two years to meet cryptographic best practices.
21
+
For more information about objects in Key Vault are versioned, see [Key Vault objects, identifiers, and versioning](../general/about-keys-secrets-certificates.md#objects-identifiers-and-versioning).
21
22
23
+
## Integarion with Azure services
22
24
This feature enables end-to-end zero-touch rotation for encryption at rest for Azure services with customer-managed key (CMK) stored in Azure Key Vault. Please refer to specific Azure service documentation to see if the service covers end-to-end rotation.
23
25
24
26
For more information about data encryption in Azure, see:
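Review bot: Three added lines in this hunk carry typos that would ship to the published page: "roation" on new line 17, "Integarion" in the new heading on line 23, and a missing "how" on line 21 ("For more information about objects in Key Vault are versioned"). Suggested fixes are "To configure rotation, you can use a key rotation policy", "## Integration with Azure services", and "For more information about how objects in Key Vault are versioned". The heading typo also matters for the generated anchor, so it is worth correcting before anything links to it. The ms.date value in the front matter stays at 11/24/2021 even though the content changed; consider bumping it.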
@@ -33,8 +35,7 @@ There's an additional cost per scheduled key rotation. For more information, see
33
35
34
36
Key Vault key rotation feature requires key management permissions. You can assign a "Key Vault Crypto Officer" role to manage rotation policy and on-demand rotation.
35
37
36
-
For more information on how to use Key Vault RBAC permission model and assign Azure roles, see:
37
-
[Use an Azure RBAC to control access to keys, certificates and secrets](../general/rbac-guide.md)
38
+
For more information on how to use Key Vault RBAC permission model and assign Azure roles, see [Use an Azure RBAC to control access to keys, certificates and secrets](../general/rbac-guide.md)
38
39
39
40
> [!NOTE]
40
41
> If you use an access policies permission model, it is required to set 'Rotate', 'Set Rotation Policy', and 'Get Rotation Policy' key permissions to manage rotation policy on keys.
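Review bot: The merged sentence on new line 38 ends at the closing parenthesis of the link with no terminal period, so add one after "(../general/rbac-guide.md)". While touching this line, the link text "Use an Azure RBAC to control access to keys, certificates and secrets" reads oddly with the article; "Use Azure RBAC to control access ..." would be cleaner if it still matches the target page's title.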