diff --git a/controllers/storagecluster/storageclasses.go b/controllers/storagecluster/storageclasses.go
index 8fedd34b52..d02815d8b2 100644
--- a/controllers/storagecluster/storageclasses.go
+++ b/controllers/storagecluster/storageclasses.go
@@ -27,6 +27,7 @@ const (
 
 	//storage class driver name prefix
 	storageclassDriverNamePrefix = "openshift-storage"
+	keyRotationEnableAnnotation  = "keyrotation.csiaddons.openshift.io/enable"
 )
 
 var (
@@ -198,6 +199,7 @@ func (r *StorageClusterReconciler) createStorageClasses(sccs []StorageClassConfi
 			}
 		}
 
+		scRecreated := false
 		existing := &storagev1.StorageClass{}
 		err := r.Client.Get(context.TODO(), types.NamespacedName{Name: sc.Name, Namespace: sc.Namespace}, existing)
 
@@ -232,6 +234,16 @@ func (r *StorageClusterReconciler) createStorageClasses(sccs []StorageClassConfi
 					r.Log.Info("Failed to create StorageClass.", "StorageClass", klog.KRef(sc.Namespace, sc.Name))
 					return err
 				}
+				scRecreated = true
+			}
+			if !scRecreated {
+				util.AddAnnotation(existing, keyRotationEnableAnnotation, sc.GetAnnotations()[keyRotationEnableAnnotation])
+
+				err = r.Client.Update(context.TODO(), existing)
+				if err != nil {
+					r.Log.Error(err, "Failed to update annotations on the StorageClass.", "StorageClass", klog.KRef(sc.Namespace, existing.Name))
+					return err
+				}
 			}
 		}
 	}
@@ -314,6 +326,9 @@ func newCephBlockPoolStorageClassConfiguration(initData *ocsv1.StorageCluster) S
 	if initData.Spec.ManagedResources.CephBlockPools.DefaultStorageClass {
 		scc.storageClass.Annotations[defaultStorageClassAnnotation] = "true"
 	}
+	if initData.GetAnnotations()[keyRotationEnableAnnotation] == "false" {
+		util.AddAnnotation(scc.storageClass, keyRotationEnableAnnotation, "false")
+	}
 	return scc
 }
 
@@ -336,7 +351,7 @@ func newNonResilientCephBlockPoolStorageClassConfiguration(initData *ocsv1.Stora
 	persistentVolumeReclaimDelete := corev1.PersistentVolumeReclaimDelete
 	allowVolumeExpansion := true
 	volumeBindingWaitForFirstConsumer := storagev1.VolumeBindingWaitForFirstConsumer
-	return StorageClassConfiguration{
+	scc := StorageClassConfiguration{
 		storageClass: &storagev1.StorageClass{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: util.GenerateNameForNonResilientCephBlockPoolSC(initData),
@@ -366,6 +381,10 @@ func newNonResilientCephBlockPoolStorageClassConfiguration(initData *ocsv1.Stora
 		},
 		isClusterExternal: initData.Spec.ExternalStorage.Enable,
 	}
+	if initData.GetAnnotations()[keyRotationEnableAnnotation] == "false" {
+		util.AddAnnotation(scc.storageClass, keyRotationEnableAnnotation, "false")
+	}
+	return scc
 }
 
 // newCephNFSStorageClassConfiguration generates configuration options for a Ceph NFS StorageClass.