yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
0b3a43371a4bcc99577594de0a685249d676a567
doc-exports/docs/kms/umn/dew_01_0139.html
qinweiwei 3e4721c813 KMS UMN 20251111 version 
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: qinweiwei <qinweiwei@huawei.com>
Co-committed-by: qinweiwei <qinweiwei@huawei.com>
2026-01-19 09:05:54 +00:00

26 lines
5.5 KiB
HTML
Raw Blame History

<a name="dew_01_0139"></a><a name="dew_01_0139"></a>
<h1 class="topictitle1">Enabling Key Rotation</h1>
<div id="body1560411126723"><p id="dew_01_0139__p205531436153414">This section describes how to enable rotation for a key on the KMS console.</p>
<p id="dew_01_0139__p1839015433185">By default, automatic key rotation is disabled for a custom key. Every time you enable key rotation, KMS automatically rotates custom keys based on the rotation period you set. </p>
<div class="section" id="dew_01_0139__sa444d90e5d214eb2811cd143d283ed46"><h4 class="sectiontitle">Prerequisites</h4><ul id="dew_01_0139__u8d744762a5f14274b80a02295bec5fc4"><li id="dew_01_0139__l29c610ba3033475bac6bc580953de191">The key is enabled.</li><li id="dew_01_0139__l4ee73124cad8499f9ca881d8da04ea55">The <strong id="dew_01_0139__b842352706151939">Origin</strong> of the key is <strong id="dew_01_0139__b842352706151944">KMS</strong>.</li><li id="dew_01_0139__li57448402173">Only symmetric keys can be rotated.</li></ul>
</div>
<div class="section" id="dew_01_0139__section64471019452"><h4 class="sectiontitle">Constraints</h4><ul id="dew_01_0139__ul610113483016"><li id="dew_01_0139__li131021347306">A disabled custom key is never rotated, even if rotation is enabled for it.<p id="dew_01_0139__p7133161514451"><a name="dew_01_0139__li131021347306"></a><a name="li131021347306"></a>KMS resumes rotation when this custom key is enabled. If you enable this custom key after one rotation period has passed, KMS will rotate it within 24 hours.</p>
</li><li id="dew_01_0139__li17575113911308">Only CMKs can be rotated.</li></ul>
</div>
<div class="section" id="dew_01_0139__section1953329183312"><h4 class="sectiontitle">Procedure</h4><ol id="dew_01_0139__ol1114503053111"><li id="dew_01_0139__li1181420455820"><span>Log in to the management console.</span></li><li id="dew_01_0139__li880294292648"><span>Click <span><img id="dew_01_0139__dew_01_0178_image10325154918393" src="en-us_image_0000001284811084.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="dew_01_0139__li1279512297175"><span>Click <span><img id="dew_01_0139__image89677333563" src="en-us_image_0000002479480792.png"></span> on the left and choose <span class="menucascade" id="dew_01_0139__menucascade396823313562"><b><span class="uicontrol" id="dew_01_0139__uicontrol13967133316567">Security</span></b> &gt; <b><span class="uicontrol" id="dew_01_0139__uicontrol896819338560">Key Management Service</span></b></span>.</span></li></ol><ol start="4" id="dew_01_0139__o5e2e47ccb4694d9a92de22a1b2e7063b"><li id="dew_01_0139__la52c5288d8f3424d86f1518fdfd6cc12"><span>Click the custom key name to access it details page.</span></li><li id="dew_01_0139__li1931383610460"><span>Click the <strong id="dew_01_0139__b9608721929">Rotation Policy</strong> tab. The rotation switch is displayed.</span></li><li id="dew_01_0139__li97144055118"><span>Click <span><img id="dew_01_0139__image592110499569" src="en-us_image_0000001348333869.png"></span> to enable key rotation.</span></li><li id="dew_01_0139__li1888241155212"><span>In the displayed <strong id="dew_01_0139__b19264751212">Enable Rotation Policy</strong> dialog box, set the rotation period and click <strong id="dew_01_0139__b726465110117">OK</strong>.</span><p><ul id="dew_01_0139__ul19813134363720"><li id="dew_01_0139__li981424313712">Set the rotation period (unit: day) to an integer in the range 30 to 365. The default value is <strong id="dew_01_0139__b65171050883523">365</strong>.</li><li id="dew_01_0139__li61234673712">After the setting takes effect, the new rotation period starts.</li><li id="dew_01_0139__li15429195003716">Configure the period based on how often a custom key is used. If it is frequently used, configure a short period. Otherwise, set a long one.<div class="note" id="dew_01_0139__note1014019414516"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="dew_01_0139__ul81401741851"><li id="dew_01_0139__li1014011412058">A disabled custom key is never rotated, even if rotation is enabled for it.</li><li id="dew_01_0139__li20140441653">KMS resumes rotation when this custom key is enabled. If you enable this custom key after one rotation period has passed, KMS will rotate it within 24 hours.</li><li id="dew_01_0139__li1514010411851">You can click <span><img id="dew_01_0139__image18017391795" src="en-us_image_0000001295496116.png"></span> to change the rotation period. After the period is changed, KMS rotates the key by the new period.</li></ul>
</div></div>
</li></ul>
</p></li><li id="dew_01_0139__l4633213afa434f6fb904ca16361f06d1"><span>Enable key rotation. The key rotation details are displayed.</span><p><div class="fignone" id="dew_01_0139__fig87835532225"><span class="figcap"><b>Figure 1 </b>Key rotation details</span><br><span><img id="dew_01_0139__image663144313511" src="en-us_image_0000001678663053.png"></span></div>
<div class="note" id="dew_01_0139__note5784175332213"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="dew_01_0139__p19784953172211">You can click <span><img id="dew_01_0139__image13279175513115" src="en-us_image_0000002078468957.png"></span> to change the rotation period. After the period is changed, KMS rotates the key by the new period.</p>
</div></div>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dew_01_0138.html">Rotating CMKs</a></div>
</div>
</div>
View Git Blame Copy Permalink