This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

KMS Key Rotation from Version 3 to Version 2, re-encrypting data, is it needed?

Posted on 09-01-2023 03:01 AM
anand-patel
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hi All,

Need help on KMS Key rotation.  Currently,  I have encrypted my 20 TB data in several GCS buckets using key Primary Version - 2 with  90 days key rotation period.

After 90 days period, I have to create new key version  - 3 and make it primary and version - 2 to disable. 

Question is that - 

  1. Will i am able to encrypt current 20 TB data using new key version -3? if yes, how.
  2. What will happen when I disable key version - 2? 
  3. Should i am able to encrypt my older encrypted data with key version -3  as  version -2  is disabled now?
  4. Do I need to re-encrypt data with key version -3 or on each key rotation?  does it implies any direct/indirect cost to me?
2 0 127
0 REPLIES 0
Top Labels in this Space