Key consistency
Written by
Updated at October 17, 2024
The encrypt, decrypt, and reEncrypt REST API methods for the SymmetricCrypto resource and the SymmetricCryptoService/Encrypt, SymmetricCryptoService/Decrypt, and gRPC SymmetricCryptoService/ReEncrypt API calls are eventually consistent operations. It takes up to three hours for the updates they make to take effect.
Eventually consistent operations require up to three hours for the changes to take effect:
- Rotating keys (automatically and manually).
- Changing the primary version of a key.
- Changing the key status to
Inactive. - Scheduling a key version for destruction.
- Destroying keys.
Strongly consistent operations take effect without delay:
- Creating keys.
- Changing the key status to
Active. - Canceling scheduled key version destruction (the version status is
Scheduled For Destruction).
Note
To quickly restrict access to a key, revoke the roles required to use the key for encrypting and decrypting data. For more information, see Access management in Key Management Service.