Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com> Co-authored-by: Li, Qiao <qiaoli@huawei.com> Co-committed-by: Li, Qiao <qiaoli@huawei.com>
Enabling Key Rotation
This section describes how to enable rotation for a key on the KMS console.
By default, automatic key rotation is disabled for a custom key. After you enable key rotation, KMS automatically rotates the custom key based on the rotation period you set.
Prerequisites
- The key is enabled.
- The Origin of the key is KMS.
Constraints
- Only symmetric keys can be rotated.
Procedure
- Click the alias of the target custom key to view its details.
- Click the Rotation Policy tab. The rotation switch is displayed.
- Click the rotation switch to enable key rotation.
- In the Enable Rotation Policy dialog box, set the rotation period and click OK.
- Set the rotation period (unit: day) to an integer in the range 30 to 365. The default value is 365.
- After the setting takes effect, the new rotation period starts.
- Configure the period based on how often a custom key is used. If it is frequently used, configure a short period. Otherwise, set a long one.
- A disabled custom key is never rotated, even if rotation is enabled for it.
- KMS resumes rotation when this custom key is enabled. If you enable this custom key after one rotation period has passed, KMS will rotate it within 24 hours.
- To change the rotation period, click the corresponding icon. After the period is changed, KMS rotates the key according to the new period.
- Check rotation details, as shown in the following figure.
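The rules above (prerequisites, the 30 to 365 day period, the disabled-key behaviour and the 24-hour catch-up) can be checked against a key inventory. The following is an added example, not code from the KMS documentation or service; the `KeyRecord` fields, function names and sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MIN_DAYS, MAX_DAYS, DEFAULT_DAYS = 30, 365, 365  # period limits stated on this page

@dataclass
class KeyRecord:
    """Hypothetical inventory row; field names are assumptions, not KMS API fields."""
    alias: str
    enabled: bool
    origin: str                               # "kms" or "external"
    symmetric: bool
    rotation_enabled: bool = False            # rotation is off by default
    period_days: int = DEFAULT_DAYS
    period_start: Optional[datetime] = None   # when the current rotation period began
    enabled_since: Optional[datetime] = None  # when the key was last (re-)enabled

def blockers(key):
    """Prerequisites and constraints that stop rotation from being enabled."""
    checks = [(key.enabled, "key is disabled"), (key.origin == "kms", "origin is not KMS"),
              (key.symmetric, "not a symmetric key"),
              (MIN_DAYS <= key.period_days <= MAX_DAYS, "period outside 30-365 days")]
    return [msg for ok, msg in checks if not ok]

def rotation_deadline(key):
    """Latest time KMS should rotate the key, or None if it will not rotate."""
    if not (key.rotation_enabled and key.enabled and key.period_start):
        return None  # a disabled key is never rotated, even with rotation enabled
    due = key.period_start + timedelta(days=key.period_days)
    if key.enabled_since and key.enabled_since > due:
        return key.enabled_since + timedelta(hours=24)  # re-enabled after the period passed
    return due

def audit(keys, now):
    """Flag keys whose rotation policy is not actually rotating them."""
    findings = []
    for k in keys:
        deadline = rotation_deadline(k)
        if k.rotation_enabled and not k.enabled:
            findings.append(f"{k.alias}: rotation on but key disabled, will not rotate")
        elif not k.rotation_enabled and not blockers(k):
            findings.append(f"{k.alias}: eligible but rotation is off")
        elif deadline and deadline < now:
            findings.append(f"{k.alias}: rotation overdue since {deadline:%Y-%m-%d}")
    return findings

T0 = datetime(2024, 1, 1)  # constructed sample inventory, not real keys
SAMPLE = [KeyRecord("app-db", True, "kms", True, True, 90, T0, T0),
          KeyRecord("legacy", False, "kms", True, True, 90, T0, T0),
          KeyRecord("imported", True, "external", True), KeyRecord("new-key", True, "kms", True)]
```

Calling `audit(SAMPLE, datetime(2024, 6, 1))` reports the overdue key, the disabled key that will not rotate despite its policy, and the eligible key still on the default of no rotation.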