Roll Over an Existing Key

How to roll over an existing Ranger KMS key.

Rolling over (or "rotating") a key retains the same key name, but the key will have a different version. This operation re-encrypts existing file keys, but does not re-encrypt the actual file. Keys can be rolled over at any time.

After a key is rotated in Ranger KMS, new files will have the file key encrypted by the new master key for the encryption zone.

Log in to Ranger as the Ranger KMS admin user, click Encryption in the top menu, then select a Ranger KMS service.
To rotate a key, click the Rollover icon for the key in the Action column.
Click OK on the confirmation pop-up.