How does CMK rotation work with CSFLE

We are considering using client-side field-level encryption and I have the following questions:

  • How does key rotation work?
  • Does key rotation require re-encrypting data on the client-side?
  • What happens in the CMK is rotated without re-encrypting data? Would this mean data loss?
1 Like

Why there’s no answer to such an important security question anywhere?
It’s important to know how this work in order to be able to activate the rotation feature on the AWS KMS, without taking the risk of the losing the key that encrypts all the data, therefore, losing all the data…