How often does Snowflake rotate object keys?

Object keys are the encryption keys Snowflake uses to protect the data encryption keys that actually encrypt your data. Rotating these keys regularly limits the amount of data exposed if a key were somehow compromised, by ensuring that a single key isn’t used for too long. Snowflake rotates object keys on a fixed 30-day cycle. This rotation is automatic and transparent to you, so your workloads aren’t disrupted and no manual action is required. When a rotation happens, Snowflake creates a new object key and re-wraps the existing data keys with that new key, allowing ongoing access to data without downtime. If you’re using customer-managed keys via an external KMS, you still benefit from Snowflake’s internal 30-day rotation schedule for the object keys, while you control the rotation of the external keys in your KMS.