This section describes the procedure for performing key rotation by creating a new version of an existing key.
To create a new version:
-
Under Action column, select New Version from the drop down to create a new version of the key.
-
The Alert! pop-up window appears.
-
Click Create to perform key rotation, or click Cancel to cancel the operation.
New version 2 for ESKM key [aws-byok_Test1_Key8] added successfully.
After creating a new version, the key must be uploaded using the Upload option, see Upload Key from ESKM to AWS-BYOK.
The default value for the Number of Active Versions Allowed for a key is 10. To modify this setting, see 6.4.12.1 Active Versions in the ESKM User Guide-8.54.7. If the maximum number of active key versions configured on the Key Options page is reached, creating a new key version will fail.