How to deal with key rotation and ProtectKeysWithAzureKeyVault #28073

Duke4848 · 2020-11-23T09:52:36Z

Duke4848
Nov 23, 2020

The current situation:

I have some unprotected data protection keys stored in a file storage
In the key vault I have key for encryption of next generated data protection keys(no keys have been yet generated while this key exists)

Desired situation:

-The next generated data-protection keys are gonna be encrypted with the newest key existing in keyvault
-Generation of newer key for the encryption will not get in the way of decrypting older data-protection keys

My question is when I use ProtectKeysWithAzureKeyVault , how to rotate the key for encryption of data-protection keys and what to do to ensure that I won't break usage of previous data-protection keys.

Answered by blowdart

Nov 24, 2020

If you're using the same key store, just with a new protection mechanism it'll be fine. The keys themselves contain information on how to unprotect them, and plain text ones should "just work" even if newer ones are encrypted.

View full answer

blowdart · 2020-11-24T14:45:52Z

blowdart
Nov 24, 2020
Collaborator

If you're using the same key store, just with a new protection mechanism it'll be fine. The keys themselves contain information on how to unprotect them, and plain text ones should "just work" even if newer ones are encrypted.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

How to deal with key rotation and ProtectKeysWithAzureKeyVault #28073

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

How to deal with key rotation and ProtectKeysWithAzureKeyVault #28073

Uh oh!

Uh oh!

Duke4848 Nov 23, 2020

Replies: 1 comment

Uh oh!

blowdart Nov 24, 2020 Collaborator

Duke4848
Nov 23, 2020

blowdart
Nov 24, 2020
Collaborator