KMS Key rotation - re-encrypting data. | C2C Community

KMS Key rotation - re-encrypting data.

  • 1 September 2023
  • 0 replies

Hi All,

Need help on KMS Key rotation.  Currently,  I have encrypted my 20 TB data in several GCS buckets using key Primary Version - 2 with  90 days key rotation period.

After 90 days period, I have to create new key version  - 3 and make it primary and version - 2 to disable. 

Question is that - 

  1. Will i am able to encrypt current 20 TB data using new key version -3? if yes, how.
  2. What will happen when I disable key version - 2? 
  3. Should i am able to encrypt my older encrypted data with key version -3  as  version -2  is disabled now?
  4. Do I need to re-encrypt data with key version -3 or on each key rotation?  does it implies any direct/indirect cost to me?

0 replies

Be the first to reply!