75caf59093
The operations are handled identically, but ~85% of the references were POST, and having a mix of PUT and POST was a source of questions. A subsequent commit will update the internal use of "PUT" such as by the API client and -output-curl-string.
32 lines
851 B
Plaintext
32 lines
851 B
Plaintext
---
|
|
layout: api
|
|
page_title: /sys/rotate - HTTP API
|
|
description: The `/sys/rotate` endpoint is used to rotate the encryption key.
|
|
---
|
|
|
|
# `/sys/rotate`
|
|
|
|
The `/sys/rotate` endpoint is used to rotate the encryption key.
|
|
|
|
## Rotate Encryption Key
|
|
|
|
This endpoint triggers a rotation of the backend encryption key. This is the key
|
|
that is used to encrypt data written to the storage backend, and is not provided
|
|
to operators. This operation is done online. Future values are encrypted with
|
|
the new key, while old values are decrypted with previous encryption keys.
|
|
|
|
This path requires `sudo` capability in addition to `update`.
|
|
|
|
| Method | Path |
|
|
| :----- | :------------ |
|
|
| `POST` | `/sys/rotate` |
|
|
|
|
### Sample Request
|
|
|
|
```shell-session
|
|
$ curl \
|
|
--header "X-Vault-Token: ..." \
|
|
--request POST \
|
|
http://127.0.0.1:8200/v1/sys/rotate
|
|
```
|