Key consistency
Written by
Updated at October 13, 2023
The encrypt, decrypt, and reEncrypt REST API methods for the SymmetricCrypto resource and the SymmetricCryptoService/Encrypt, SymmetricCryptoService/Decrypt, and gRPC SymmetricCryptoService/ReEncrypt API calls are eventually consistent operations. It takes up to three hours for the updates they make to take effect.
Eventually consistent
- Rotating keys (automatically and manually).
- Changing the primary version of a key.
- Changing the key status to
Inactive
. - Scheduling a key version for destruction.
- Destroying keys.
Strongly consistent
- Creating keys.
- Changing the key status to
Active
. - Canceling scheduled key version destruction (the version status is
Scheduled For Destruction
).
Note
To quickly restrict access to a key, revoke the roles required to use the key for encrypting and decrypting data. For more information, see Access management in Key Management Service.