Monal Cloud is operated by Pahadi Research, LLC of Washington (US).

Security and platform engineering teams

Key Manager: How to Create, Rotate, and Use Encryption Keys

Manage key lifecycle in the key management service for data encryption and application signing workloads.

10 min read · Updated 2026-04-01

Prerequisites

  • Project access to key management service
  • IAM policies for key administrators and key users
  • Application integration plan for key retrieval and rotation

Implementation workflow

This runbook focuses on a reliable sequence for provisioning and validating the service through the cloud console.

  1. Open Security > Key Manager and create a new symmetric or asymmetric key.
  2. Set ownership, metadata, and usage policy constraints.
  3. Integrate key references into the consuming service or application.
  4. Create a rotation schedule and issue a new key version.
  5. Re-encrypt or re-sign workloads, then deprecate old key material.

Validation and operator checks

After deployment, verify connectivity, security boundaries, and backup posture before promoting workloads to production.

Operator tips

  • Split duties between key creation, approval, and usage roles.
  • Test key rotation in staging to validate application compatibility.
  • Record key lineage and retirement events for compliance evidence.