You may have situations where you want to change or rotate an encryption key. Rotating the encryption key on a regular basis can help reduce risk for a number of data security scenarios.
Before you rotate a key
As you go to rotate an encryption key, there's a few things to keep in mind:
- You need both the current key and the new key you want to use.
- The new key will be used for new data within a few minutes. After that, any existing data is updated to use the new key, which can take multiple hours to complete.
- When the key rotation is complete, the old key is disabled and scheduled to be deleted in 30 days.
- All Org Security Admins are emailed when rotation is started and as when it completes.
Rotate a key
To rotate a key:
- From Organization Admin, click Security and go to Key Management.
- Click Rotate Key.
- Browse to upload the current key. Then, browse to upload the new key.
- After you have uploaded both current and new key, click Rotate Key.
- Then, check the box to confirm that you will keep a copy of the key and click Rotate Key to finish.