Yandex Cloud
  • Services
  • Solutions
  • Why Yandex Cloud
  • Pricing
  • Documentation
  • Contact us
Get started
Language / Region
© 2022 Yandex.Cloud LLC
Yandex Key Management Service
  • Getting started
  • Step-by-step instructions
    • All instructions
    • Key
    • Key version
    • Data encryption
  • Concepts
    • Overview
    • Key
    • Key version
    • Encryption
    • Envelope encryption
    • Key consistency
    • Hardware Security Module (HSM)
    • Quotas and limits
  • Practical guidelines
    • All tutorials
    • Data encryption
      • Which encryption method should I choose?
      • Encrypting data using the CLI and API Yandex Cloud
      • Encrypting data using the Yandex Cloud SDK
      • Encrypting data using the AWS Encryption SDK
      • Encrypting data using Google Tink
    • Encrypting secrets in Managed Service for Kubernetes
    • KMS key management with Hashicorp Terraform
    • Encrypting secrets in Hashicorp Terraform
    • Auto Unseal in Hashicorp Vault
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • SymmetricCryptoService
      • SymmetricKeyService
      • OperationService
    • REST
      • Overview
      • SymmetricCrypto
        • Overview
        • decrypt
        • encrypt
        • generateDataKey
        • reEncrypt
      • SymmetricKey
        • Overview
        • cancelVersionDestruction
        • create
        • delete
        • get
        • list
        • listAccessBindings
        • listOperations
        • listVersions
        • rotate
        • scheduleVersionDestruction
        • setAccessBindings
        • setPrimaryVersion
        • update
        • updateAccessBindings
  • Questions and answers
  1. Concepts
  2. Key consistency

Key consistency

Written by
Yandex Cloud

    The encrypt, decrypt, and reEncrypt methods are eventually consistent operations: it takes up to three hours for the updates they make to take effect.

    Eventually consistent operations require up to three hours for the changes to take effect:

    • Rotating keys (automatically and manually).
    • Changing the primary version of a key.
    • Changing the key status to Inactive.
    • Scheduling a key version for destruction.
    • Destroying keys.

    Strongly consistent operations take effect without delay:

    • Creating keys.
    • Changing the key status to Active.
    • Canceling scheduled key version destruction (the version status is Scheduled For Destruction).

    Note

    To quickly restrict access to a key, revoke the roles that are required to use the key when encrypting and decrypting data. For more information, see Access management in Key Management Service.

    Was the article helpful?

    Language / Region
    © 2022 Yandex.Cloud LLC