POST SSH/Rotate

Starts rotation of specified keyset. The SSH/Rotate API returns immediately after rotation starts. It does not wait until the key is actually provisioned on specified device, which can take time depending on the configured Agent schedule). To track rotation progress, call POST SSH/KeysetDetails.

Requirements

Token scope: SSH:Manage

Headers

Content type: Content-Type:application/json.
Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters
Name	Description
KeysetId	The identifier of a set of public and private key pairs. Depending on your environment, the value may be expressed with or without curly braces {}. You can get the KeysetId, from POST SSH/KeyUsage or the SSH Keyset Inventory. For example:
Options	(Optional) To halt keyset rotation when one or more devices have a broken connection, omit this parameter. Otherwise, to Retry keyset rotation every 15 minutes when there is an error, use any combination: 0: Default. Halt rotation for any error. 1: RetryonError. If a device has a broken connection, skip rotation of its keyset for now. Later, when the device is online, you can use an agentless SSH scan to automatically rotate the keyset. Requires scheduling an agentless SSH scan. For more information, see Assigning work for agentless discovery and remediation. [2] ConnectionErrors. Retry for device connection errors. [3] Retry only for ConnectionErrors. [6] AnyErrors. Retry on any other error. [7] Retry for any errors

Returns

Response description
Name	Description
Success	The SshWebResponse object with result of the operation. For more information, see SSH SshWebResponse object.

Example: Rotate Keyset

Request

POST https://tpp.venafi.example/vedsdk/SSH/Rotate 
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "Options":0,
   "KeysetId":"310E64EF92231B55A34E02A2779E14236CC7A326"
}

Response

HTTP/1.1 200 OK
{
   "Success":true

}