User Guide
Also available as:
loading table of contents...
Key Rotation

Simply update to reference a new key ID in Previously-encrypted events can still be decrypted as long as that key is still available in the key definition file or<OldKeyID> as the key ID is serialized alongside the encrypted record.