cmek-lifecycle-rotation-safe-destruction-catastrophic

Status: OUT

CMEK key lifecycle has asymmetric risk: rotation is non-disruptive (creates new version without re-encrypting, ciphertext self-identifies its key version), but key destruction or access revocation permanently destroys all encrypted data across 40+ services — making rotation a safe operational practice but destruction an irreversible data lifecycle event.

JSON