POST SSH/Rotate
Starts rotation of the specified keyset. The SSH/Rotate API returns immediately after rotation starts. It does not wait until the key is actually provisioned on the specified device, which can take time depending on the configured Agent schedule. To track rotation progress, call POST SSH/KeysetDetails.
Requirements
- Token scope: SSH:Manage
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name | Description |
---|---|
AllowSkipOnRotation | The setting to manage keyset rotation of devices based on connectivity to Trust Protection Platform. false: Halt keyset rotation when one or more devices have a broken connection. true: Rotate keysets only for devices that currently have a connection to Trust Protection Platform. If a device has a broken connection, skip rotation of its keyset for now. Later, when the device is online, use an agentless SSH scan to automatically rotate the keyset. Requires scheduling an agentless SSH scan. For more information, see Assigning work for agentless discovery and remediation. |
KeysetId | The identifier of a set of public and private key pairs. Depending on your environment, the value may be expressed with or without curly braces {}. You can get the KeysetId from POST SSH/KeyUsage or the SSH Keyset Inventory. For example: |
Options | (Optional) To halt keyset rotation when one or more devices have a broken connection, omit this parameter. Otherwise, to Retry keyset rotation every 15 minutes when there is an error, use any combination: |
Returns
Name | Description |
---|---|
Success | The SshWebResponse object with result of the operation. For more information, see SSH SshWebResponse object. |
Example: Rotate Keyset
Request
POST https://tpp.venafi.example/vedsdk/SSH/Rotate
Authorization:Bearer 4MyGeneratedBearerTknz==
{
  "Options":0,
  "KeysetId":"310E64EF92231B55A34E02A2779E14236CC7A326"
}
Response
HTTP/1.1 200 OK
{
  "Success":true
}
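The request and response above, built and checked from a client, as an added example that is not part of the product documentation. The function names are hypothetical, and two things are assumptions: that a KeysetId has the shape of the example above (40 hex characters, with or without curly braces) and that AllowSkipOnRotation is sent as a JSON boolean.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

# Assumption: keyset ids have the shape of the page's example (40 hex
# characters), with or without surrounding curly braces.
_KEYSET_ID = re.compile(r"\{[0-9A-Fa-f]{40}\}|[0-9A-Fa-f]{40}")


def validate_keyset_id(value):
    """Return the id unchanged (braces kept); reject anything else before sending."""
    value = value.strip()
    if not _KEYSET_ID.fullmatch(value):
        raise ValueError("KeysetId is not a 40-character hex id")
    return value


def build_rotate_request(base_url, token, keyset_id, options=None, allow_skip=None):
    """Build, but do not send, the POST SSH/Rotate request."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to put a bearer token on a non-HTTPS URL")
    body = {"KeysetId": validate_keyset_id(keyset_id)}
    if options is not None:  # Options is optional; leave it out when not given
        body["Options"] = int(options)
    if allow_skip is not None:
        body["AllowSkipOnRotation"] = bool(allow_skip)
    return urllib.request.Request(
        base_url.rstrip("/") + "/SSH/Rotate",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token},
    )


def rotation_started(status, body_text):
    """True only for HTTP 200 with Success == true. That means the rotation
    was started, not that the key is already provisioned on the device."""
    try:
        return status == 200 and json.loads(body_text).get("Success") is True
    except (ValueError, AttributeError):
        return False


if __name__ == "__main__":
    req = build_rotate_request("https://tpp.venafi.example/vedsdk", "4MyGeneratedBearerTknz==",
                               "310E64EF92231B55A34E02A2779E14236CC7A326", options=0)
    print(req.get_method(), req.full_url, req.data.decode())
```

Pass the returned object to `urllib.request.urlopen` to send it, and keep the token out of logs when printing the request.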