diff --git a/terraform/account/kms.tf b/terraform/account/kms.tf
index 865290cf5d..4354fe2008 100644
--- a/terraform/account/kms.tf
+++ b/terraform/account/kms.tf
@@ -2,7 +2,7 @@ module "sessions_viewer_mrk" {
 source = "./modules/multi_region_kms"
 
 key_description = "Managers keys for sessions in Viewer"
- key_alias = "sessions-viewer"
+ key_alias = "sessions-viewer-mrk"
 deletion_window_in_days = 7
 
 providers = {
@@ -15,7 +15,7 @@ module "sessions_actor_mrk" {
 source = "./modules/multi_region_kms"
 
 key_description = "Managers keys for sessions in Actor"
- key_alias = "sessions-actor"
+ key_alias = "sessions-actor-mrk"
 deletion_window_in_days = 7
 
 providers = {
@@ -23,3 +23,26 @@ module "sessions_actor_mrk" {
 aws.secondary = aws.eu_west_2
 }
 }
+
+# No longer used but kept to keep regional KMS keys
+resource "aws_kms_key" "sessions_viewer" {
+ description = "Managers keys for sessions in Viewer"
+ deletion_window_in_days = 7
+ enable_key_rotation = true
+}
+
+resource "aws_kms_alias" "sessions_viewer" {
+ name = "alias/sessions-viewer"
+ target_key_id = aws_kms_key.sessions_viewer.key_id
+}
+
+resource "aws_kms_key" "sessions_actor" {
+ description = "Managers keys for sessions in Actor"
+ deletion_window_in_days = 7
+ enable_key_rotation = true
+}
+
+resource "aws_kms_alias" "sessions_actor" {
+ name = "alias/sessions-actor"
+ target_key_id = aws_kms_key.sessions_actor.key_id
+}
diff --git a/terraform/account/refactor.tf b/terraform/account/refactor.tf
index be6f000b28..34815bc991 100644
--- a/terraform/account/refactor.tf
+++ b/terraform/account/refactor.tf
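Review bot: Whether the restored `aws_kms_key.sessions_viewer` and `aws_kms_key.sessions_actor` blocks re-attach to the existing regional keys or create two brand-new ones is decided by state, not by this file: the `moved` blocks that pointed these addresses at `module.*_mrk.aws_kms_key.this` are deleted in refactor.tf in the same commit, so in any workspace where that move was already applied these addresses are empty and `terraform plan` will show a create here (and presumably a replace inside the module, since a regional key cannot become a multi-region key in place). Confirm the plan shows no `aws_kms_key` create or destroy before applying. The comment `# No longer used but kept to keep regional KMS keys` states the what but not the why; suggest `# Not referenced by new resources; retained so the existing regional keys (and any ciphertext encrypted under them) are not scheduled for deletion.` These two keys also set no explicit `policy`, unlike `aws_kms_key.secrets_manager` in secretsmanager.tf, so they fall back to the AWS default key policy — acceptable if that matches the original resources, but worth a one-line comment saying so. Since the keys are being kept deliberately, `deletion_window_in_days = 7` (the minimum) gives the least recovery time if they are ever destroyed by mistake; a longer window is cheap insurance here.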
@@ -393,36 +393,6 @@ moved {
 to = module.eu_west_1.pagerduty_service_integration.cloudwatch_integration
 }
 
-moved {
- from = aws_kms_key.sessions_viewer
- to = module.sessions_viewer_mrk.aws_kms_key.this
-}
-
-moved {
- from = aws_kms_key.sessions_actor
- to = module.sessions_actor_mrk.aws_kms_key.this
-}
-
-moved {
- from = aws_kms_alias.sessions_viewer
- to = module.sessions_viewer_mrk.aws_kms_alias.primary_alias
-}
-
-moved {
- from = aws_kms_alias.sessions_actor
- to = module.sessions_actor_mrk.aws_kms_alias.primary_alias
-}
-
-moved {
- from = aws_kms_key.secrets_manager
- to = module.secrets_manager_mrk.aws_kms_key.this
-}
-
-moved {
- from = aws_kms_alias.secrets_manager_alias
- to = module.secrets_manager_mrk.aws_kms_alias.primary_alias
-}
-
 moved {
 from = aws_cloudwatch_log_group.workspace_cleanup_log
 to = module.workspace_cleanup_mrk.aws_cloudwatch_log_group.workspace_cleanup_log
diff --git a/terraform/account/secretsmanager.tf b/terraform/account/secretsmanager.tf
index c36ea07007..336bff7d39 100644
--- a/terraform/account/secretsmanager.tf
+++ b/terraform/account/secretsmanager.tf
@@ -54,7 +54,7 @@ module "secrets_manager_mrk" {
 
 key_description = "Secrets Manager encryption ${local.environment}"
 key_policy = data.aws_iam_policy_document.secrets_manager_kms.json
- key_alias = "secrets_manager_encryption"
+ key_alias = "secrets_manager_encryption-mrk"
 deletion_window_in_days = 10
 
 providers = {
@@ -63,6 +63,18 @@ module "secrets_manager_mrk" {
 }
 }
 
+resource "aws_kms_key" "secrets_manager" {
+ description = "Secrets Manager encryption ${local.environment}"
+ deletion_window_in_days = 10
+ enable_key_rotation = true
+ policy = data.aws_iam_policy_document.secrets_manager_kms.json
+}
+
+resource "aws_kms_alias" "secrets_manager_alias" {
+ name = "alias/secrets_manager_encryption"
+ target_key_id = aws_kms_key.secrets_manager.key_id
+}
+
 data "aws_iam_policy_document" "secrets_manager_kms" {
 statement {
 sid = "Enable Root account permissions on Key"
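Review bot: The restored `aws_kms_key.secrets_manager` / `aws_kms_alias.secrets_manager_alias` pair in the second secretsmanager.tf hunk carries no comment explaining why a key nothing in this file references is kept, whereas the equivalent blocks in kms.tf at least say `# No longer used but kept to keep regional KMS keys`; add the same note here, ideally stating the retention reason (existing secret versions stay encrypted under this key until re-encrypted, if that is the case). The same state caveat applies as for the kms.tf keys: the `moved` block from `aws_kms_key.secrets_manager` to `module.secrets_manager_mrk.aws_kms_key.this` is removed in refactor.tf, so in a workspace where that move was already applied this block creates a new key instead of retaining the old one — check the plan. On naming, `secrets_manager_encryption-mrk` in the first hunk mixes underscore and hyphen separators; since the suffix is new, `secrets_manager_encryption_mrk` would be consistent with the base name (the matching data source in environment/shared_data_sources.tf would need the same change).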
diff --git a/terraform/environment/shared_data_sources.tf b/terraform/environment/shared_data_sources.tf
index 19505d5ad5..628544755f 100644
--- a/terraform/environment/shared_data_sources.tf
+++ b/terraform/environment/shared_data_sources.tf
@@ -49,15 +49,15 @@ data "aws_acm_certificate" "public_facing_certificate_use" {
 }
 
 data "aws_kms_alias" "sessions_viewer" {
- name = "alias/sessions-viewer"
+ name = "alias/sessions-viewer-mrk"
 }
 
 data "aws_kms_alias" "sessions_actor" {
- name = "alias/sessions-actor"
+ name = "alias/sessions-actor-mrk"
 }
 
 data "aws_kms_alias" "secrets_manager" {
- name = "alias/secrets_manager_encryption"
+ name = "alias/secrets_manager_encryption-mrk"
 }
 
 data "aws_kms_alias" "pagerduty_sns" {
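Review bot: Repointing these three data sources at the `-mrk` aliases moves every consumer of `data.aws_kms_alias.*.target_key_arn` / `target_key_id` in the environment stack to the multi-region keys in one step, while the regional keys stay alive under the old aliases in the account stack. If IAM policies or grants in this stack are derived from these data sources (not visible in the hunk), principals lose `kms:Decrypt` on the regional keys, and anything still encrypted under them — ciphertext carries the key ARN, so KMS routes Decrypt to the old key regardless of alias — fails until re-encrypted; presumably live sessions and existing secret versions, but that depends on callers elsewhere. Suggest either keeping data sources for the un-suffixed aliases during the cutover so both keys can be granted, or recording in a comment that pre-migration data has been verified to decrypt, e.g. `# -mrk aliases resolve to the multi-region keys; the legacy regional keys remain under the un-suffixed aliases`.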