Rotate Key

Prev Next

Available in Classic and VPC

Rotate an enabled key to create a new version.

Request

This section describes the request format. The method and URI are as follows:

Method URI
POST /keys/{keyTag}/rotate

Request headers

For information about the headers common to all Key Management Service APIs, see the account authentication method in Key Management Service request headers.

Request path parameters

You can use the following path parameters with your request:

Field Type Required Description
keyTag String Required Key tag
  • Unique identifier for the key derived from the key name
  • Check through Get key list
  • Use to request encryption or decryption with REST APIs
  • Key tags are not treated as confidential information

Request example

The request example is as follows:

curl --location --request POST 'https://ocapi.ncloud.com/kms/v1/keys/a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6/rotate' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}'

Response

This section describes the response format.

Response body

The response body includes the following data:

Field Type Required Description
code String - Success or Failure
data Object - Response result
data.keyTag String - Tag of the key that was rotated
data.version Integer - Newly created key version from rotation
data.rotatedDate Long - Key rotation date and time (millisecond)
  • Unix timestamp format

Response status codes

For response status codes common to all Key Management Service APIs, see Key Management Service response status codes.

Response example

The response example is as follows:

{
    "code": "SUCCESS",
    "data": {
        "keyTag": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6",
        "version": 4,
        "rotatedDate": 1733462407906
    }
}