Here's a neutral and interesting summary of the text in one paragraph: HashiCorp Boundary 0.11.1 introduces two new features, KMS key lifecycle management and previous-root KMS key purpose, which enable rotation of internal keys and allow teams to specify a KMS root key used only for decryption. The KMS provider provides the root of trust for encryption operations, and users must assign a purpose to a KMS stanza. The post explores the root and previous-root purposes, explaining how they work and how to rotate keys in a scope. Boundary also supports rotating keys with rewrap option to ensure all KEKs are encrypted with the new root key. Additionally, the text discusses migrating from one root key to another, including updating the existing root purpose KMS stanza to previous-root and adding a new root purpose KMS stanza with the new configuration.