Why can't I create a standard key after I load another master key?

You are not able to create a standard key through either the UI or the API after you load another master key to the service instance.

You see the following error message when you try to create a standard key:

The service was not able to add key "<key_ID>". The HTTP status is 500.

You load another master key to your service instance after you create the root key. Because of this, the root key fails to wrap the standard key, and the standard key creation fails.

If you want to change the master key in a regular basis for security reasons, rotate the master key by following the instructions.

Load the original master key that is used to wrap the root key to the service instance again by following the instructions.