The key rotation is triggered by protecting/unprotecting some data, so it's possible that it might not generate a new key in that time. There's no built-in mechanism to change when a new key is generated or when refreshed, as those values are hard-coded. The keys are valid for 90 days, so there's scope to increase the values to allow for weekends etc. It's difficult to be confident that the key will always roll over, and the consequences can be pretty catastrophic. It seems like it needs a more bulletproof mechanism when there is more than one instance of the service. This could be an optional behaviour, e.g. listen for blob changes, timer or whatever.