scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-04 12:37:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ef901b1bc47d6f0eb96fe83fe67d77873ddad3bd
vault/website/content/api-docs/system/rotate-config.mdx
Bryce Kalow e27b43c482 feat(website): migrates nav data format and updates docs pages (#11242) 
* migrates nav data format and updates docs pages

* removes sidebar_title from content files
2021-04-06 13:49:04 -04:00

85 lines
2.1 KiB
Plaintext
Raw Blame History

---
layout: api
page_title: /sys/rotate/config - HTTP API
description: The `/sys/rotate/config` endpoint is used to configure automatic key rotation.
---
# `/sys/rotate/config`
The `/sys/rotate` endpoint is used to configure automatic key rotation.
## Configure Automatic Key Rotation
This endpoint configures the automatic rotation of the backend encryption key. By
default, the key is rotated after just under 4 billion encryptions, to satisfy the
recommendation of [NIST SP 800-38D](https://csrc.nist.gov/publications/detail/sp/800-38d/final).
One can configure rotations after fewer encryptions or on a time based schedule.
## Create or Update the Auto Rotation Configuration
| Method | Path |
| :----- | :------------------- |
| `POST` | `/sys/rotate/config` |
### Parameters
- `max_operations` `(int: 3865470566)` - Specify the limit of encryptions after which
the key will be automatically rotated. The number must be between 1,000,000 and the
default.
- `interval` `(string: "") - If set, the age of the active key at which an
automatic rotation is triggered. Specified as a Go duration string (e.g.
4320h), the value must be at least 24 hours.
- `enabled` `(bool: true)` - If set to false, automatic rotations will not
be performed. Tracking of encryption counts will continue.
### Sample Payload
```json
{
"max_operations": 2000000000,
"interval": "4320h"
}
```
### Sample Request
```shell-session
$ curl \
--request POST \
--header "X-Vault-Token: ..." \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/rotate/config
```
## Get the Auto Rotation Configuration
| Method | Path |
| :----- | :------------------- |
| `GET` | `/sys/rotate/config` |
### Sample Request
```shell-session
$ curl \
--request GET \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/sys/rotate/config
```
### Sample Response
```json
{
"request_id": "f3d91b4a-69bf-4aaf-b928-df7a5486c130",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": {
"max_operations": 2000000000,
"interval": "4320h",
"enabled": true
},
"warnings": null
}
```
Reference in New Issue View Git Blame Copy Permalink