Signing Keys API
Rotate signing secrets without downtime.
See the Signing and verification concept for background.
Rotate a destination’s signing key
Section titled “Rotate a destination’s signing key”POST /v1/destinations/{id}/signing-keys/rotate
Generates a new signing secret. During the grace period (default 7 days), Harbor sends both old and new signatures so your customer can roll over.
Parameters
Section titled “Parameters”| Name | Type | Required | Description |
|---|---|---|---|
grace_period_days | integer | no | How long to double-sign. 0-30. Default 7. |
Returns
Section titled “Returns”The new signing_secret (shown ONCE) and the rotation timeline.
Example
Section titled “Example”curl -X POST https://api.harbor.example/v1/destinations/dest_01HXYZ/signing-keys/rotate \ -H "Authorization: Bearer hk_live_your_api_key" \ -H "Content-Type: application/json" \ -d '{ "grace_period_days": 7}'Errors
Section titled “Errors”destination_not_foundrotation_in_progress