Get started
Yandex Key Management Service

Key consistency

    The encrypt, decrypt, and reEncrypt methods are eventually consistent operations: it takes up to three hours for the updates they make to take effect.

    Eventually consistent operations require up to three hours for the changes to take effect:

    • Rotating keys (automatically and manually).
    • Changing the primary version of a key.
    • Changing the key status to Inactive.
    • Scheduling a key version for destruction.
    • Destroying keys.

    Strongly consistent operations take effect without delay:

    • Creating keys.
    • Changing the key status to Active.
    • Canceling scheduled key version destruction (the version status is Scheduled For Destruction).

    Note

    To quickly restrict access to a key, revoke the roles that are required to use the key when encrypting and decrypting data. For more information, see Access management.