forked from docs/doc-exports
qinweiwei
3e4721c813
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com> Co-authored-by: qinweiwei <qinweiwei@huawei.com> Co-committed-by: qinweiwei <qinweiwei@huawei.com>
5.5 KiB
5.5 KiB
Enabling Key Rotation
This section describes how to enable rotation for a key on the KMS console.
By default, automatic key rotation is disabled for a custom key. Every time you enable key rotation, KMS automatically rotates custom keys based on the rotation period you set.
Prerequisites
- The key is enabled.
- The Origin of the key is KMS.
- Only symmetric keys can be rotated.
Constraints
Procedure
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project. - Click
on the left and choose .
- Click the custom key name to access it details page.
- Click the Rotation Policy tab. The rotation switch is displayed.
- Click
to enable key rotation. - In the displayed Enable Rotation Policy dialog box, set the rotation period and click OK.
- Set the rotation period (unit: day) to an integer in the range 30 to 365. The default value is 365.
- After the setting takes effect, the new rotation period starts.
- Configure the period based on how often a custom key is used. If it is frequently used, configure a short period. Otherwise, set a long one.
- A disabled custom key is never rotated, even if rotation is enabled for it.
- KMS resumes rotation when this custom key is enabled. If you enable this custom key after one rotation period has passed, KMS will rotate it within 24 hours.
- You can click
to change the rotation period. After the period is changed, KMS rotates the key by the new period.
- Enable key rotation. The key rotation details are displayed.Figure 1 Key rotation details
You can click
to change the rotation period. After the period is changed, KMS rotates the key by the new period.
Parent topic: Rotating CMKs