Cloudera Docs

Roll Over an Existing Key

How to roll over an existing Ranger KMS key.

When you roll over (or rotate) a key, the key retains the same key name, but creates a new version of the key. This newly versioned key becomes the currentKey. After the key rotation, new files will have the file key encrypted by the current encryption zone (EZ) key for the encryption zone.
  1. Log in to Ranger as the Ranger KMS admin user, click Encryption in the top menu, then select a Ranger KMS service.
  2. To rotate a key, click the Rollover icon for the key in the Action column.
  3. Click OK on the confirmation pop-up.