---
layout: api
page_title: /sys/rotate/config - HTTP API
sidebar_title: <code>/sys/rotate/config</code>
description: The `/sys/rotate/config` endpoint is used to configure automatic key rotation.
---

# `/sys/rotate/config`

The `/sys/rotate` endpoint is used to configure automatic key rotation.

## Configure Automatic Key Rotation

This endpoint configures the automatic rotation of the backend encryption key.  By
default, the key is rotated after just under 4 billion encryptions, to satisfy the 
recommendation of [NIST SP 800-38D](https://csrc.nist.gov/publications/detail/sp/800-38d/final).
One can configure rotations after fewer encryptions or on a time based schedule.  

## Create or Update the Auto Rotation Configuration

| Method  | Path                 |
| :------ | :------------------- |
| `POST`  | `/sys/rotate/config` |

### Parameters

- `max_operations` `(int: 3865470566)` - Specify the limit of encryptions after which
  the key will be automatically rotated.  The number must be between 1,000,000 and the
  default.
- `interval` `(string: "") - If set, the age of the active key at which an
  automatic rotation is triggered.  Specified as a Go duration string (e.g.
  4320h), the value must be at least 24 hours.
- `enabled` `(bool: true)` - If set to false, automatic rotations will not
  be performed.  Tracking of encryption counts will continue.

### Sample Payload

```json
{
  "max_operations": 2000000000,
  "interval": "4320h"
}
```

### Sample Request

```shell-session
$ curl \
    --request POST \
    --header "X-Vault-Token: ..." \
    --data @payload.json \
    http://127.0.0.1:8200/v1/sys/rotate/config
```

## Get the Auto Rotation Configuration

| Method | Path                 |
| :----- | :------------------- |
| `GET`  | `/sys/rotate/config` |

### Sample Request

```shell-session
$ curl \
    --request GET \
    --header "X-Vault-Token: ..." \
    http://127.0.0.1:8200/v1/sys/rotate/config
```

### Sample Response

```json
{
  "request_id": "f3d91b4a-69bf-4aaf-b928-df7a5486c130",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "max_operations": 2000000000,
    "interval": "4320h",
    "enabled": true
  },
  "warnings": null
}
```