Skip to main content

Rotate data encryption keys

post
/api/pvlt/1.0/system/admin/keys/rotate

Rotates all the KMS keys that Vault uses to encrypt properties, tokens, and more.

When the keys are rotated, new data is encrypted with the new key. All old keys are retained, so that content encrypted with previous keys can be decipherable.

The role that performs this operation must have the CapKMSWriter capability. See Access control for more information about how capabilities are used to control access to operations.

Possible responses

The request is successful.

Try the API

Authorization

Navigate to the docs of your local Vault installation to try the API directly from there.

Code examples

Example