KMS crypto keys should be rotated at least once every 365 days¶
Key rotation is a security best practice that helps reduce the potential impact of a compromised key, as users cannot use deprecated/older keys.
Google Cloud Console¶
Navigate to Key Management
Select your key and click Edit Rotation Period.
From the Rotation Period drop-down, select 365.
From the Starting on drop-down, enter today’s date.
To rotate your key every 365 days:
gcloud kms keys update key-name \ --location [your-location] \ --keyring [your-key-ring-name] \ --rotation-period 365 \ --next-rotation-time [today's date]