KMS keys should be rotated every 90 days or less¶
KMS keys should be rotated frequently because rotation helps reduce the potential impact of a compromised key as users cannot use the old key to access the data.
Google Cloud Console¶
Navigate to KMS.
Select the specific key ring, click on the right-side pop up, and click Edit rotation period.
Select a new rotation period in days which should be less than 90 and then choose Starting on date.
Update and schedule rotation by ROTATION_PERIOD and NEXT_ROTATION_TIME for each key:
gcloud kms keys update new --keyring=KEY_RING --location=LOCATION --next-rotation-time=NEXT_ROTATION_TIME --rotation-period=ROTATION_PERIOD