Updates a key rotation policy.

When automatic key rotation is enabled, KMS automatically creates a new key version after the preset rotation period arrives and sets it as the primary key version. Automatic rotation policy cannot be defined in the following cases:

  • The specified CMK is an asymmetric key.
  • The specified CMK is a key managed by Alibaba Cloud Services.
  • The specified CMK is a BYOK (an external key imported into KMS).
  • The specified CMK is not in the Enabled state.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes UpdateRotationPolicy

The operation that you want to perform. Set the value to UpdateRotationPolicy.

EnableAutomaticRotation Boolean Yes true

Specifies whether to enable automatic key rotation. Valid values: true and false.

KeyId String Yes 1234abcd-12ab-34cd-56ef-12345678****

The globally unique ID of the CMK.

RotationInterval String No 30d

The period of automatic key rotation. It must be in the integer[unit] format. The unit can be d (day), h (hour), m (minute), or s (second). For example, both 7d and 604800s represent a seven-day period. Valid values: 7 to 730 days.

Note When EnableAutomaticRotation is set to true, this parameter is required. When EnableAutomaticRotation is set to false, this parameter is ignored.

Response parameters

Parameter Type Example Description
RequestId String efb1cbbd-a093-4278-bc03-639dd4fcc207

The ID of the request.

Examples

Sample requests

https://[Endpoint]/?Action=UpdateRotationPolicy
&EnableAutomaticRotation=true
&KeyId=1234abcd-12ab-34cd-56ef-12345678****
&RotationInterval=30d
&<Common request parameters>

Sample success responses

XML format

<KMS>
    <RequestId>efb1cbbd-a093-4278-bc03-639dd4fcc207</RequestId>
</KMS>

JSON format

{
    "RequestId": "efb1cbbd-a093-4278-bc03-639dd4fcc207"
}

Error codes

For a list of error codes, visit the API Error Center.