Need help on KMS Key rotation. Currently, I have encrypted my 20 TB data in several GCS buckets using key Primary Version - 2 with 90 days key rotation period.
After 90 days period, I have to create new key version - 3 and make it primary and version - 2 to disable.
Question is that -
- Will i am able to encrypt current 20 TB data using new key version -3? if yes, how.
- What will happen when I disable key version - 2?
- Should i am able to encrypt my older encrypted data with key version -3 as version -2 is disabled now?
- Do I need to re-encrypt data with key version -3 or on each key rotation? does it implies any direct/indirect cost to me?