Edit

Share via

Start-SecretRotation

  • Article

Synopsis

Triggers secret rotation on a stamp.

Syntax

Start-SecretRotation [-PathAccessCredential <Object>] [-ReRun] [-CertificatePassword <Object>] [-Internal]
 [-PfxFilesPath <Object>] [-AsJob]

Description

Invokes the secret rotation process for infrastructure secrets of an Azure Stack Hub system. By default, it rotates only the certificates of external network infrastructure endpoints. See Rotate secrets in Azure Stack Hub for more details.

Parameters

-Internal

Rotate secrets for internal network infrastructure endpoints.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-PfxFilesPath

Path of the new pfx files shared for external certs rotation. It's mandatory if external certs rotation is desired.

Type: Object
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PathAccessCredential

Credentials to access PfxFilesPath. It's mandatory if external certs rotation is desired.

Type: Object
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CertificatePassword

Password for the new pfx files provided. It's mandatory if external certs rotation is desired. It can be different from the original pfx password provided at initial deployment time. We will regenerate the pfx files with correct CA password.

Usage ::

    # Rotates external certificates only
    Start-SecretRotation -PfxFilesPath \<String\> -PathAccessCredential \<PSCredential\> -CertificatePassword \<SecureString\>

    # Rotates internal secrets only
    Start-SecretRotation -Internal  

    # Reruns internal secrets only
    Start-SecretRotation -Internal -ReRun 

    # Reruns external certificates only
    Start-SecretRotation -ReRun

Type: Object
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ReRun

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-AsJob

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Next steps

For information on how to access and use the privileged endpoint, see Use the privileged endpoint in Azure Stack Hub.