Key consistency
Written by
Updated at March 31, 2025
The REST API encrypt, decrypt, reEncrypt for the SymmetricCrypto resource and the gRPC API SymmetricCryptoService/Encrypt, SymmetricCryptoService/Decrypt, and SymmetricCryptoService/ReEncrypt method calls are eventually consistent operations. It takes up to three hours for the updates they make to take effect.
Eventually consistent operations require up to three hours for the changes to take effect:
- Rotating keys (automatically and manually).
- Changing the primary version of a key.
- Changing the key status to
Inactive. - Scheduling a key version for destruction.
- Deleting a key.
Strongly consistent operations take effect without delay:
- Creating keys.
- Changing the key status to
Active. - Canceling scheduled key version destruction (the version status is
Scheduled For Destruction).
Note
To quickly restrict access to a key, revoke the roles required to use the key for encrypting and decrypting data. For more information, see Access management in Key Management Service.