Yandex.Cloud
  • Services
  • Why Yandex.Cloud
  • Solutions
  • Pricing
  • Documentation
  • Contact us
Get started
Yandex Key Management Service
  • Getting started
  • Step-by-step instructions
    • All instructions
    • Keys
    • Key version
    • Data encryption
  • Concepts
    • Overview
    • Keys
    • Key version
    • Encryption
    • Envelope encryption
    • Key consistency
    • Quotas and limits
  • Use cases
    • All use cases
    • Data encryption
      • Which encryption method should I choose?
      • Encrypting data using the Yandex.Cloud CLI and API
      • Encrypting data using the Yandex.Cloud SDK
      • Encrypting data using the AWS Encryption SDK
      • Encrypting data using Google Tink
    • Encrypting secrets in Managed Service for Kubernetes
    • KMS key management with Hashicorp Terraform
    • Encrypting secrets in Hashicorp Terraform
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • SymmetricCryptoService
      • SymmetricKeyService
      • OperationService
    • REST
      • Overview
      • SymmetricCrypto
        • Overview
        • decrypt
        • encrypt
        • generateDataKey
        • reEncrypt
      • SymmetricKey
        • Overview
        • cancelVersionDestruction
        • create
        • delete
        • get
        • list
        • listAccessBindings
        • listOperations
        • listVersions
        • rotate
        • scheduleVersionDestruction
        • setAccessBindings
        • setPrimaryVersion
        • update
        • updateAccessBindings
  • Questions and answers
  1. Concepts
  2. Key consistency

Key consistency

    The encrypt, decrypt, and reEncrypt methods are eventually consistent operations: it takes up to three hours for the updates they make to take effect.

    Eventually consistent operations require up to three hours for the changes to take effect:

    • Rotating keys (automatically and manually).
    • Changing the primary version of a key.
    • Changing the key status to Inactive.
    • Scheduling a key version for destruction.
    • Destroying keys.

    Strongly consistent operations take effect without delay:

    • Creating keys.
    • Changing the key status to Active.
    • Canceling scheduled key version destruction (the version status is Scheduled For Destruction).

    Note

    To quickly restrict access to a key, revoke the roles that are required to use the key when encrypting and decrypting data. For more information, see Access management.

    Language / Region
    Careers
    Privacy policy
    Terms of use
    Brandbook
    © 2021 Yandex.Cloud LLC