
I have Always Encrypted implemented in my Azure SQL database using a column encryption key and a column master key, both of which are stored in Azure Keyvault1 and backed up in Azure Keyvault2 (located in a different geo region) as well.

In case of an event where keyvault1 goes down, how can I switch the column master key path to point to keyvault2 so that my applications are up and running without much downtime?

From what I gathered so far, the solution seems to be decrypting the data, dropping the column encryption key and column master key, and then repeating the steps in reverse order to utilize the keys in keyvault2.

Are there any other efficient solutions for this scenario or is this the limitation?

Bala P
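The key switch the question describes, shown as added example T-SQL that is not part of the original post. It assumes two column master keys registered against hypothetical Key Vault key URLs (keyvault1 and keyvault2), a column encryption key named CEK_Customers, and placeholder ENCRYPTED_VALUE blobs; the real blobs are the CEK encrypted under each CMK and are produced client-side (for example by the SqlServer PowerShell module or the SSMS column master key rotation wizard), which needs access to both vaults. The example goes beyond the drop-and-recreate path in the question: ALTER COLUMN ENCRYPTION KEY ... ADD VALUE lets one CEK carry a second value encrypted under the standby CMK, so the column data itself is never decrypted and re-encrypted and the switch is a metadata change.

```sql
-- Primary CMK: the Always Encrypted key in keyvault1 (hypothetical vault and key names).
CREATE COLUMN MASTER KEY CMK_Keyvault1
WITH (
    KEY_STORE_PROVIDER_NAME = 'AZURE_KEY_VAULT',
    KEY_PATH = 'https://keyvault1.vault.azure.net/keys/AlwaysEncryptedCMK/0123456789abcdef'  -- placeholder version
);

-- Standby CMK: the backed-up copy of the same RSA key in keyvault2, in the other region.
CREATE COLUMN MASTER KEY CMK_Keyvault2
WITH (
    KEY_STORE_PROVIDER_NAME = 'AZURE_KEY_VAULT',
    KEY_PATH = 'https://keyvault2.vault.azure.net/keys/AlwaysEncryptedCMK/fedcba9876543210'  -- placeholder version
);

-- The CEK, initially wrapped only by the primary CMK.
-- ENCRYPTED_VALUE is a placeholder; the real value is the CEK encrypted under CMK_Keyvault1
-- and is generated by the client tooling, never by hand in T-SQL.
CREATE COLUMN ENCRYPTION KEY CEK_Customers
WITH VALUES (
    COLUMN_MASTER_KEY = CMK_Keyvault1,
    ALGORITHM = 'RSA_OAEP',
    ENCRYPTED_VALUE = 0x01  -- placeholder
);

-- Rotation step 1: add a second value, the same CEK wrapped by the standby CMK.
-- Do this while keyvault1 is healthy; client drivers can then unwrap the CEK
-- through whichever CMK they are able to reach.
ALTER COLUMN ENCRYPTION KEY CEK_Customers
ADD VALUE (
    COLUMN_MASTER_KEY = CMK_Keyvault2,
    ALGORITHM = 'RSA_OAEP',
    ENCRYPTED_VALUE = 0x02  -- placeholder
);

-- Verification: the CEK now has two values, one per CMK, and the encrypted
-- columns have not been touched.
SELECT cek.name            AS cek_name,
       cmk.name            AS cmk_name,
       cmk.key_path        AS key_path,
       cekv.encryption_algorithm_name
FROM sys.column_encryption_keys AS cek
JOIN sys.column_encryption_key_values AS cekv
    ON cekv.column_encryption_key_id = cek.column_encryption_key_id
JOIN sys.column_master_keys AS cmk
    ON cmk.column_master_key_id = cekv.column_master_key_id
WHERE cek.name = 'CEK_Customers';

-- Rotation step 2 (only once every client has been deployed with access to keyvault2
-- and has flushed its CEK cache): drop the value wrapped by the old CMK, then the CMK itself.
ALTER COLUMN ENCRYPTION KEY CEK_Customers
DROP VALUE (COLUMN_MASTER_KEY = CMK_Keyvault1);

DROP COLUMN MASTER KEY CMK_Keyvault1;
```

The defensive point is the ordering: keeping both CEK values registered for the whole window means a vault outage in one region degrades to a client-side CMK lookup failure that the second value absorbs, rather than to data that cannot be decrypted until the keys are rebuilt. Monitoring the query above (and alerting when a CEK drops back to a single value) is a cheap control for catching a rotation that was started but not finished.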
  • KV is geo-redundant by default (see https://learn.microsoft.com/en-us/azure/key-vault/key-vault-disaster-recovery-guidance) – Thomas Jul 06 '19 at 08:26
  • Thanks @Thomas. Your direction helped me in making an informed decision – Bala P Jul 31 '19 at 21:42

0 Answers