I only see Key Vault Secret rotation but not Key Vault Keys rotation in docs. Create new version and disable the older version is one approach to rotate Azure Key Vault Keys(Cryptography Keys)
Is there any other way to rotate Cryptography Keys in Azure Key Vault Keys?
Whether working with secrets, keys, or certificates, use the full secret/key/certificate ID which includes the version. For keys, if you set the expiration just beyond the time you want to rotate, you don't need to manually disable the key.
So when you generate a new key or version (when using the same key name, it's the same result) it generates a new key ID you can use while the old remains valid until expired. You don't really need two keys unless you need a period of overlap, but you'd need two different key names at max since you should rely on full key IDs with versions for your application.
I also couldn't find official documentation, but I'll pass along the request. You can also always leave feedback on the documentation, for example, requesting key rotation docs on the secret rotation docs to which you referred.
