docs(km): add scheduled deletion docs

Author: nerda-codes

menu/navigation.json

@@ -501,8 +501,12 @@
                     "slug": "disable-km-keys"
                   },
                   {
-                    "label": "Delete Key Manager keys",
+                    "label": "Schedule Key Manager keys for deletion",
                     "slug": "delete-km-keys"
+                  },
+                  {
+                    "label": "Recover keys scheduled for deletion",
+                    "slug": "recover-deleted-keys"
                   }
                 ],
                 "label": "How to",

pages/key-manager/concepts.mdx

@@ -3,7 +3,7 @@ title: Key Manager - Concepts
 description: Explore essential cryptographic concepts, including symmetric and asymmetric encryption, data encryption keys (DEKs), key encryption keys (KEKs), and Scaleway Key Manager's robust features for secure key management and encryption operations.
 tags: key-manager key encryption-key
 dates:
-  validation: 2025-02-06
+  validation: 2025-07-24
 ---
 
 ## Asymmetric encryption
@@ -141,6 +141,12 @@ A region refers to the **geographical location** in which your key will be creat
 
 A root encryption key (REK) is another type of key that has the single purpose of encrypting and decrypting KEKs in order to store them in hard storage. Scaleway's Key Manager has one REK per region, which is securely stored in our facilities.
 
+## Scheduled deletion
+
+When you delete a key, it is scheduled for deletion. This lets you mark a key and its version for deletion ahead of time. Instead of immediate deletion, the key enters a 7-day pending deletion period, during which you can still recover it.
+
+During this time, you can read your key version but cannot edit, access, or delete it. After the retention period, the key and its version are permanently deleted.
+
 ## Symmetric encryption
 
 Symmetric encryption is a fundamental type of cryptographic method where the same key is used to both encrypt and decrypt data. This means that the sender and receiver must have access to the same secret key, which they use to secure their communication.

pages/key-manager/faq.mdx

@@ -2,7 +2,7 @@
 title: Key Manager FAQ
 description: Explore Scaleway Key Manager with our comprehensive FAQ covering security, key types, and more.
 dates:
-  validation: 2025-02-06
+  validation: 2025-07-24
 productIcon: KmsProductIcon
 ---
 
@@ -35,3 +35,11 @@ Key Manager supports the three following cryptographic operations:
 Keys with a [key usage](/key-manager/concepts/#key-usage) set to `symmetric_encryption` are **used to encrypt and decrypt data**.
 
 Refer to our [dedicated documentation](/key-manager/reference-content/understanding-key-manager/) to find out more about Key Manager.
+
+## What happens when I delete a key?
+
+When you delete a key, it is scheduled for deletion. This lets you mark a key and its version for deletion ahead of time. Instead of immediate deletion, the key enters a 7-day pending deletion period, during which you can still recover it.
+
+During this time, you can read your key version but cannot edit, access, or delete it. After the retention period, the key and its version are permanently deleted.
+
+Recovering keys  [scheduled for deletion](/key-manager/concepts/#scheduled-deletion) is billed €0.01 per key.

pages/key-manager/how-to/delete-km-keys.mdx

@@ -1,15 +1,17 @@
 ---
-title: Delete a Key Manager key
+title: Schedule a Key Manager key deletion
 description: Discover how to delete a Key Manager key from the Scaleway console.
 tags: key-manager delete key
 dates:
-  validation: 2025-02-06
+  validation: 2025-07-24
   posted: 2025-02-06
 ---
 import Requirements from '@macros/iam/requirements.mdx'
 
 
-This page shows you how to delete a Key Manager key.
+This page explains how to [schedule a key deletion](/key-manager/concepts/#scheduled-deletion) using the Scaleway console. You cannot delete protected keys, i.e. keys to which you have applied [key protection](/key-manager/concepts/#key-protection).
+
+Once you schedule a key for deletion, it enters a 7-day pending deletion period, during which you can still recover it. After this retention period, the key and its version are permanently deleted.
 
 <Requirements />
 
@@ -20,11 +22,12 @@ This page shows you how to delete a Key Manager key.
 
 ## How to delete a key
 
-1. Click Key Manager in the **Security and Identity section** of the [Scaleway console](https://console.scaleway.com) side menu. Your keys display.
+1. Click Key Manager in the **Security & Identity section** of the [Scaleway console](https://console.scaleway.com) side menu. Your keys display.
 2. Click the key you want to delete.
 3. Scroll down to the **Delete key** section, and click **Delete key**.
-4. Type **DELETE** to confirm and click **Delete key**.
+4. Type **DELETE** and click **Delete key** to confirm. Your key displays in the **Scheduled for deletion** tab for a period of 7 days before being permanently deleted.
 
     <Message type="important">
      All data encrypted using this key, including data encryption keys, will become unusable.
+     Deleting a key is a permanent action. All data encrypted using this key, including data encryption keys, will become unusable, if you do not [recover it](/key-manager/how-to/recover-deleted-keys/) before the end of the retention period.
     </Message>

pages/key-manager/how-to/recover-deleted-keys.mdx

@@ -0,0 +1,40 @@
+---
+title: How to recover keys scheduled for deletion
+description: Recover keys scheduled for deletion in the Scaleway console before they are permanently removed.
+tags: key encrypted-data scheduled-deletion recover-keys
+dates:
+  validation: 2025-07-24
+  posted: 2025-07-24
+---
+import Requirements from '@macros/iam/requirements.mdx'
+
+
+This page shows you how to recover keys scheduled for deletion using the Scaleway [console](https://console.scaleway.com). Once you schedule a key for deletion, it enters a 7-day pending deletion period, during which you can still recover it.
+After this retention period, the key and its version are permanently deleted.
+
+<Requirements />
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+- Created a [key](/key-manager/how-to/create-key/)
+- Scheduled keys for deletion
+
+## How to recover one key
+
+1. Click **Key Manager** in the **Security & Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu.
+2. Select the [region](/key-manager/concepts/#region) in which to recover the key, in the **Region** drop-down.
+3. Click the **Scheduled for deletion** tab. Your keys display.
+4. Click <Icon name="more" /> next to the key you want to recover and click **Recover**. A pop-up displays the estimated cost of recovering the key.
+    <Message type="note">
+     Recovering a key is billed €0.01 per key.
+    </Message>
+5. Click **Recover key** to confirm. Your key displays in the **Keys** tab.
+
+## How to recover several keys
+
+1. Click **Key Manager** in the **Security & Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu.
+2. Select the [region](/key-manager/concepts/#region) in which to recover the key, in the **Region** drop-down.
+3. Click the **Scheduled for deletion** tab. Your keys display.
+4. Tick the checkbox next to **Name** to select all the keys you want to recover.
+5. Click the circular arrow to recover the selected keys.
+6. Check the estimated cost and click **Recover keys** to confirm.