Roll Over an Existing Key
How to roll over an existing Ranger KMS key.
Rolling over (or "rotating") a key retains the same key name, but the key will have a different version. This operation re-encrypts existing file keys, but does not re-encrypt the actual file. Keys can be rolled over at any time.
After a key is rotated in Ranger KMS, new files will have the file key encrypted by the new master key for the encryption zone.
- Log in to Ranger as the Ranger KMS admin user, click Encryption in the top menu, then select a Ranger KMS service.
To rotate a key, click the Rollover icon for the key in the Action
Click OK on the confirmation pop-up.