Vault
/sys/policies/rotation/
Enterprise
Appropriate Vault Enterprise license required
Use the /sys/policies/rotation/ endpoints to manage
rotation policies in Vault. Not all plugins use rotation
policies. Check the plugin documentation to determine compatibility with rotation policies.
Create/Update rotation policy
Add or update a rotation policy. You may not see policy updates reflected immediately on all associated rotation entries. Refer to the rotation policy usage docs for more details.
| Method | Path |
|---|---|
| POST | /sys/policies/rotation/:name |
Path parameters
name (string: <required>) – Specifies the name of the rotation policy to create.
Request parameters
max_retries_per_cycle (int: <required>) - The maximum number of times the rotation manager should apply backoff for rotation entries after a rotation failure.

max_retry_cycles (int: <required>) - The maximum number of times the rotation manager should requeue rotation entries after reaching the max_retries_per_cycle limit. The rotation manager requeues rotation entries to their next scheduled rotation.
Sample payload
{
"max_retry_cycles": 3,
"max_retries_per_cycle": 3
}
Sample request
$ vault write sys/policies/rotation/my-policy \
max_retry_cycles=3 \
max_retries_per_cycle=3
Read rotation policy
Retrieve information about the named rotation policy.
| Method | Path |
|---|---|
| GET | /sys/policies/rotation/:name |
Path parameters
name (string: <required>) – Specifies the name of the rotation policy to retrieve.
Sample request
$ curl \
--header "X-Vault-Token: ${VAULT_TOKEN}" \
${VAULT_ADDR}/v1/sys/policies/rotation/my-policy
Sample response
{
"max_retries_per_cycle": 3,
"max_retry_cycles": 3
}
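
The create and read endpoints above, combined into a write-then-verify client. This is an added example, not part of the Vault documentation or HashiCorp's code. The helper names (`build_payload`, `policy_request`, `apply_policy`) are hypothetical, and rejecting negative values and accepting a `data` response wrapper are assumptions of this example.

```python
import json
import os
import urllib.parse
import urllib.request


def build_payload(max_retries_per_cycle, max_retry_cycles):
    """Return the request body after checking both required integers."""
    payload = {"max_retries_per_cycle": max_retries_per_cycle,
               "max_retry_cycles": max_retry_cycles}
    for key, value in payload.items():
        # bool is a subclass of int in Python; reject it explicitly.
        # Rejecting negative values is this example's assumption.
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            raise ValueError(f"{key} must be a non-negative integer: {value!r}")
    return payload


def policy_request(addr, token, name, method="GET", payload=None):
    """Build the HTTP request for /v1/sys/policies/rotation/:name."""
    if not name:
        raise ValueError("policy name is required")
    # Percent-encode the name so "/" or "?" cannot change the target path.
    path = "/v1/sys/policies/rotation/" + urllib.parse.quote(name, safe="")
    data = None if payload is None else json.dumps(payload).encode()
    req = urllib.request.Request(addr.rstrip("/") + path, data=data, method=method)
    req.add_header("X-Vault-Token", token)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req


def apply_policy(addr, token, name, retries, cycles, opener=urllib.request.urlopen):
    """POST the policy, GET it back, and fail if the stored values differ."""
    want = build_payload(retries, cycles)
    with opener(policy_request(addr, token, name, "POST", want)):
        pass
    with opener(policy_request(addr, token, name)) as resp:
        got = json.load(resp)
    # The page's sample response is flat; a "data" wrapper is also accepted
    # here as an assumption about the server's response envelope.
    got = got.get("data", got)
    drift = {k: got.get(k) for k in want if got.get(k) != want[k]}
    if drift:
        raise RuntimeError(f"policy {name!r} differs after write: {drift}")
    return got


if __name__ == "__main__":
    print(apply_policy(os.environ["VAULT_ADDR"], os.environ["VAULT_TOKEN"],
                       "my-policy", 3, 3))
```

The `opener` parameter exists so the read-back check can be exercised against a stub instead of a live Vault server.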
Delete rotation policy
Delete the named rotation policy. Be aware that Vault deletes a policy without confirming whether a plugin currently uses it. Revert plugins to their default behavior or move them to a different policy before deleting the target policy.
| Method | Path |
|---|---|
| DELETE | /sys/policies/rotation/:name |
Path parameters
name (string: <required>) – Specifies the name of the rotation policy to delete.
Sample request
$ curl \
--header "X-Vault-Token: ${VAULT_TOKEN}" \
--request DELETE \
${VAULT_ADDR}/v1/sys/policies/rotation/my-policy