Rotation Purpose Violation
URI: https://docs.ankatech.co/errors/rotation-purpose-violation
HTTP Status: 422 Unprocessable Entity
When you see this
The rotation you requested would change the key's purpose. Rotation preserves the original key's purpose by design; it cannot turn an encryption key into a signing key (or vice versa).
Common Causes
- Rotating an
ENCRYPT_DECRYPTkey into an algorithm that only supports signing. - Supplying a target purpose in the rotation request that differs from the source key's purpose.
- Attempting to repurpose a key under the guise of rotation.
Response Example
{
"type": "https://docs.ankatech.co/errors/rotation-purpose-violation",
"title": "Rotation Purpose Violation",
"status": 422,
"detail": "Rotation cannot change the key purpose. The new key must keep the original purpose.",
"instance": "/api/v3/keys/my-mlkem-key/rotate",
"correlationId": "550e8400-e29b-41d4-a716-446655440000",
"timestamp": 1730000000
}
Content-Type: application/problem+json — the response follows RFC 7807 Problem Details.
How to Resolve
- Choose a rotation target algorithm whose purpose matches the source key's purpose.
- Keep the requested purpose identical to the existing key's purpose.
- If you genuinely need a different purpose, create a new key instead of rotating.
For full schema definitions, examples, and interactive testing, see the Developer Hub Reference.