none
can a key rotation be automatic RRS feed

  • Question

  • We are currently developing an application where we will need to rotate keys used for signing responses. A few days prior to changing the key, we will need to expose the future key in our metadata so our consumers can prepare for the rotation. The old key will also need to be exposed in metadata for some time after the change. Can we use self signed certificates for this? Or is the best solution to just save the key parameters as a standard key? We would prefer if we can get the key rotation to work automatically. Can certificate auto renewal solve this? Or, is there an entirely different solution that you would recommend instead?

    Any suggestions please.

    Monday, August 26, 2019 5:41 PM

Answers

  • Key rotation is not automatic in Azure Key Vault but you can to automate that using Azure runbooks.  Please refer to this document.  Also, Key Vault Supports automatic renewal with selected issuers - Key Vault partner X509 certificate providers / certificate authorities.  You can also refer to this blog of this helps.
    Monday, August 26, 2019 7:35 PM
    Moderator

All replies

  • Key rotation is not automatic in Azure Key Vault but you can to automate that using Azure runbooks.  Please refer to this document.  Also, Key Vault Supports automatic renewal with selected issuers - Key Vault partner X509 certificate providers / certificate authorities.  You can also refer to this blog of this helps.
    Monday, August 26, 2019 7:35 PM
    Moderator
  • Please let me know if you find above reply useful. If yes, do click on 'Mark as answer' link in above reply. This will help other community members facing similar query to refer to this solution. Thanks.
    Friday, August 30, 2019 10:14 PM
    Moderator
  • thanks much.
    Friday, September 6, 2019 5:21 PM