Key record state considerations

The following considerations can be followed for key record states.

Key record state transitions are well-defined and you must go through the whole path of states to delete a key record.
Setting a key record to active bumps the active key record to the inactive state for that group. There can only be one active record in a group.
The deprecated state is useful for saving a key and restricting its use. If as an administrator you think that a key has been compromised, you can manually put a hold on anyone using that key without that key being deleted from the system. You can set the key record to the deprecated state and someone attempting to do a backup or restore with this deprecated key would get an error.
The key record deletion involves two steps helping to reduce the possibility of accidentally deleting a key. You must first set deprecated keys to terminated and then you can delete the key record. Only terminated key records can be deleted (other than the keys which are in the prelive state).
You can use the prelive state to create a key record before use.