1. Administration and security
  2. Bring Your Own Key
  3. Key Reminder

By default, encryption keys have a reminder date one year after creation. The Reminder Date column displays a date to serve as a cue to rotate each encryption key.

When it is time to rotate an encryption key:

  • The key shows as disabled in the Status column of the Encryption Keys page.
  • The key is removed from the list of available keys shown in the Key drop-down of the Encrypted Workspaces page.
  • Workspaces encrypted with that key remain encrypted, including backup versions of the workspace.
  • You can enable it. See Enabling an encryption key.