<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>question Re: KMS Key roll excess versions in Support Questions</title>
    <link>https://community.cloudera.com/t5/Support-Questions/KMS-Key-roll-excess-versions/m-p/317175#M227043</link>
    <description>&lt;P&gt;Hello,&lt;/P&gt;&lt;P&gt;The key version is stored in the metadata so that the client knows which version of the key to request from the KMS. By incrementing the key version, the old (and incorrect) key is not retrieved when decrypting a file encrypted with the new key. By incrementing the key and not reusing key numbers, there is less risk of race conditions, and it is clear to the administrator that the key in use has been incremented.&lt;/P&gt;&lt;P&gt;Hope that helps,&lt;/P&gt;&lt;P&gt;Michael&lt;/P&gt;</description>
    <pubDate>Wed, 26 May 2021 18:33:40 GMT</pubDate>
    <dc:creator>mridley</dc:creator>
    <dc:date>2021-05-26T18:33:40Z</dc:date>
  </channel>
</rss>

