Vault
/sys/policies/rotation/
Appropriate Vault Enterprise license required
Use the /sys/policies/rotation/ endpoints to manage rotation policies in Vault. Not all plugins use rotation policies. Check the plugin documentation to determine compatibility with rotation policies.
Create/Update rotation policy
Add or update a rotation policy. You may not see policy updates reflected immediately on all associated rotation entries. Refer to the rotation policy usage docs for more details.
| Method | Path |
|---|---|
| POST | /sys/policies/rotation/:name |
Path parameters
name (string: <required>) – Specifies the name of the rotation policy to create.
Request parameters
policy (string: <required>) – Specifies the rotation policy document as a valid JSON string. Refer to the rotation policy parameters for details on rotation policy definitions.
Sample payload
{
  "policy": "{\"max_retry_cycles\": 3, \"max_retries_per_cycle\": 3}"
}
Sample request
$ vault write sys/policies/rotation/my-policy policy=@policy.json
Read rotation policy
Retrieve information about the named rotation policy.
| Method | Path |
|---|---|
| GET | /sys/policies/rotation/:name |
Path parameters
name (string: <required>) – Specifies the name of the rotation policy to retrieve.
Sample request
$ curl \
    --header "X-Vault-Token: ${VAULT_TOKEN}" \
    ${VAULT_ADDR}/v1/sys/policies/rotation/my-policy
Sample response
{
  "max_retries_per_cycle": 3,
  "max_retry_cycles": 3
}
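The create and read calls above, combined into a write-then-verify helper. This is an added example, not code from the Vault documentation: the function names are hypothetical, the sample policy uses only the two fields shown on this page, and accepting a `data`-wrapped read response is an assumption.

```python
import json
import os
import urllib.parse
import urllib.request

# Constructed sample policy using only the two fields shown on this page.
SAMPLE_POLICY = {"max_retry_cycles": 3, "max_retries_per_cycle": 3}


def policy_url(addr, name):
    # Percent-encode the name so it cannot change the request path.
    quoted = urllib.parse.quote(name, safe="")
    return f"{addr.rstrip('/')}/v1/sys/policies/rotation/{quoted}"


def build_write_request(addr, token, name, policy_doc):
    # `policy` must be a JSON string, so the document is serialized on its
    # own first and then embedded in the JSON request body.
    body = json.dumps({"policy": json.dumps(policy_doc)}).encode()
    headers = {"X-Vault-Token": token, "Content-Type": "application/json"}
    return urllib.request.Request(
        policy_url(addr, name), data=body, method="POST", headers=headers)


def build_read_request(addr, token, name):
    return urllib.request.Request(
        policy_url(addr, name), method="GET", headers={"X-Vault-Token": token})


def policy_drift(expected, response):
    # Assumption: fields may sit at the top level (as in the sample response
    # on this page) or inside a "data" object.
    data = response.get("data")
    actual = data if isinstance(data, dict) else response
    return {k: (v, actual.get(k)) for k, v in expected.items() if actual.get(k) != v}


def apply_and_verify(addr, token, name, policy_doc):
    # Write the policy, read it back, and return any field that differs.
    with urllib.request.urlopen(build_write_request(addr, token, name, policy_doc)):
        pass
    with urllib.request.urlopen(build_read_request(addr, token, name)) as resp:
        return policy_drift(policy_doc, json.load(resp))


if __name__ == "__main__":
    drift = apply_and_verify(os.environ["VAULT_ADDR"], os.environ["VAULT_TOKEN"],
                             "my-policy", SAMPLE_POLICY)
    print("policy matches" if not drift else f"drift detected: {drift}")
```

The read-back confirms only the stored policy document; it does not show whether associated rotation entries have picked up the change.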
Delete rotation policy
Delete the named rotation policy. Be aware that Vault deletes policies without confirming whether a plugin currently uses them. Revert plugins to their default behavior or move them to a different policy before deleting the target policy.
| Method | Path |
|---|---|
| DELETE | /sys/policies/rotation/:name |
Path parameters
name (string: <required>) – Specifies the name of the rotation policy to delete.
Sample request
$ curl \
    --header "X-Vault-Token: ${VAULT_TOKEN}" \
    --request DELETE \
    ${VAULT_ADDR}/v1/sys/policies/rotation/my-policy