Get Key Rotation Policy - Get Key Rotation Policy

Service:: Key Vault

API Version:: 2025-07-01

Lists the policy for a key.
The GetKeyRotationPolicy operation returns the specified key policy resources in the specified key vault. This operation requires the keys/get permission.

GET {vaultBaseUrl}/keys/{key-name}/rotationpolicy?api-version=2025-07-01

URI Parameters

Name	In	Required	Type	Description
key-name	path	True	string	The name of the key in a given key vault.
vaultBaseUrl	path	True	string (uri)
api-version	query	True	string minLength: 1	The API version to use for this operation.

Responses

Name	Type	Description
200 OK	KeyRotationPolicy	The request has succeeded.
Other Status Codes	KeyVaultError	An unexpected error response.

Security

OAuth2Auth

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
https://vault.azure.net/.default

Examples

GetKeyRotationPolicy

Sample request

HTTP

GET https://myvault.vault.azure.net//keys/key01/rotationpolicy?api-version=2025-07-01

Sample response

Status code:: 200

{
  "id": "https://myvault.vault.azure.net/keys/key01/rotationpolicy",
  "lifetimeActions": [
    {
      "trigger": {
        "timeAfterCreate": "P90D"
      },
      "action": {
        "type": "Rotate"
      }
    },
    {
      "trigger": {
        "timeBeforeExpiry": "P30D"
      },
      "action": {
        "type": "Notify"
      }
    }
  ],
  "attributes": {
    "expiryTime": "P2Y",
    "created": 1482188947,
    "updated": 1482188948
  }
}

Definitions

Name	Description
Error
KeyRotationPolicy	Management policy for a key.
KeyRotationPolicyAction	The type of the action. The value should be compared case-insensitively.
KeyRotationPolicyAttributes	The key rotation policy attributes.
KeyVaultError	The key vault error exception.
LifetimeActions	Action and its trigger that will be performed by Key Vault over the lifetime of a key.
LifetimeActionsTrigger	A condition to be satisfied for an action to be executed.
LifetimeActionsType	The action that will be executed.

Error

Object

Name	Type	Description
code	string	The error code.
innererror	Error	The key vault server error.
message	string	The error message.

KeyRotationPolicy

Object

Management policy for a key.

Name	Type	Description
attributes	KeyRotationPolicyAttributes	The key rotation policy attributes.
id	string	The key policy id.
lifetimeActions	LifetimeActions[]	Actions that will be performed by Key Vault over the lifetime of a key. For preview, lifetimeActions can only have two items at maximum: one for rotate, one for notify. Notification time would be default to 30 days before expiry and it is not configurable.

KeyRotationPolicyAction

Enumeration

The type of the action. The value should be compared case-insensitively.

Value	Description
Rotate	Rotate the key based on the key policy.
Notify	Trigger Event Grid events. Defaults to 30 days before expiry. Key Vault only.

KeyRotationPolicyAttributes

Object

The key rotation policy attributes.

Name	Type	Description
created	integer (unixtime)	The key rotation policy created time in UTC.
expiryTime	string	The expiryTime will be applied on the new key version. It should be at least 28 days. It will be in ISO 8601 Format. Examples: 90 days: P90D, 3 months: P3M, 48 hours: PT48H, 1 year and 10 days: P1Y10D
updated	integer (unixtime)	The key rotation policy's last updated time in UTC.

KeyVaultError

Object

The key vault error exception.

Name	Type	Description
error	Error	The key vault server error.

LifetimeActions

Object

Action and its trigger that will be performed by Key Vault over the lifetime of a key.

Name	Type	Description
action	LifetimeActionsType	The action that will be executed.
trigger	LifetimeActionsTrigger	The condition that will execute the action.

LifetimeActionsTrigger

Object

A condition to be satisfied for an action to be executed.

Name	Type	Description
timeAfterCreate	string	Time after creation to attempt to rotate. It only applies to rotate. It will be in ISO 8601 duration format. Example: 90 days : "P90D"
timeBeforeExpiry	string	Time before expiry to attempt to rotate or notify. It will be in ISO 8601 duration format. Example: 90 days : "P90D"

LifetimeActionsType

Object

The action that will be executed.

Name	Type	Description
type	KeyRotationPolicyAction	The type of the action. The value should be compared case-insensitively.

Share via

Get Key Rotation Policy - Get Key Rotation Policy

URI Parameters

Responses

Security

OAuth2Auth

Scopes

Examples

GetKeyRotationPolicy

Sample request

Sample response

Definitions

Error

KeyRotationPolicy

KeyRotationPolicyAction

KeyRotationPolicyAttributes

KeyVaultError

LifetimeActions

LifetimeActionsTrigger

LifetimeActionsType