diff --git a/controllers/storagecluster/storageclasses.go b/controllers/storagecluster/storageclasses.go
index 8fedd34b52..51ca429287 100644
--- a/controllers/storagecluster/storageclasses.go
+++ b/controllers/storagecluster/storageclasses.go
@@ -27,6 +27,8 @@ const (
 //storage class driver name prefix
 storageclassDriverNamePrefix = "openshift-storage"
+
+ keyRotationEnableAnnotation = "keyrotation.csiaddons.openshift.io/enable"
 )
 var (
@@ -280,6 +282,7 @@ func newCephBlockPoolStorageClassConfiguration(initData *ocsv1.StorageCluster) S
 persistentVolumeReclaimDelete := corev1.PersistentVolumeReclaimDelete
 allowVolumeExpansion := true
 managementSpec := initData.Spec.ManagedResources.CephBlockPools
+ disableKeyRotation := !util.IsAnnotationTruthy(initData, keyRotationEnableAnnotation)
 scc := StorageClassConfiguration{
 storageClass: &storagev1.StorageClass{
 ObjectMeta: metav1.ObjectMeta{
@@ -314,6 +317,9 @@ func newCephBlockPoolStorageClassConfiguration(initData *ocsv1.StorageCluster) S
 if initData.Spec.ManagedResources.CephBlockPools.DefaultStorageClass {
 scc.storageClass.Annotations[defaultStorageClassAnnotation] = "true"
 }
+ if disableKeyRotation {
+ util.AddAnnotation(scc.storageClass, keyRotationEnableAnnotation, "false")
+ }
 return scc
 }
@@ -336,7 +342,8 @@ func newNonResilientCephBlockPoolStorageClassConfiguration(initData *ocsv1.Stora
 persistentVolumeReclaimDelete := corev1.PersistentVolumeReclaimDelete
 allowVolumeExpansion := true
 volumeBindingWaitForFirstConsumer := storagev1.VolumeBindingWaitForFirstConsumer
- return StorageClassConfiguration{
+ disableKeyRotation := !util.IsAnnotationTruthy(initData, keyRotationEnableAnnotation)
+ scc := StorageClassConfiguration{
 storageClass: &storagev1.StorageClass{
 ObjectMeta: metav1.ObjectMeta{
 Name: util.GenerateNameForNonResilientCephBlockPoolSC(initData),
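Review bot: In the `-280,6` hunk, `disableKeyRotation := !util.IsAnnotationTruthy(initData, keyRotationEnableAnnotation)` treats a StorageCluster with no annotation, or with any value other than `true`, as a request to turn key rotation off, so the StorageClass is stamped `keyrotation.csiaddons.openshift.io/enable: "false"` by default. If rotation is meant to stay on unless an administrator opts out, the test should look for an explicit opt-out instead, for example `disableKeyRotation := initData.GetAnnotations()[keyRotationEnableAnnotation] == "false"`. If opt-in is the intent, a comment on the constant such as `// absent or non-"true" on the StorageCluster disables key rotation on the generated StorageClasses` would make that default visible to operators. The identical line is added to `newNonResilientCephBlockPoolStorageClassConfiguration` in the `-336,7` hunk; both function bodies start and end outside their hunks.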
@@ -366,6 +373,10 @@ func newNonResilientCephBlockPoolStorageClassConfiguration(initData *ocsv1.Stora
 },
 isClusterExternal: initData.Spec.ExternalStorage.Enable,
 }
+ if disableKeyRotation {
+ util.AddAnnotation(scc.storageClass, keyRotationEnableAnnotation, "false")
+ }
+ return scc
 }
 // newCephNFSStorageClassConfiguration generates configuration options for a Ceph NFS StorageClass.
diff --git a/controllers/util/util.go b/controllers/util/util.go
index 4ed20767b7..44300df238 100644
--- a/controllers/util/util.go
+++ b/controllers/util/util.go
@@ -5,8 +5,10 @@ import (
 "encoding/hex"
 "encoding/json"
 "fmt"
- ocsv1 "github.com/red-hat-storage/ocs-operator/api/v4/v1"
 "os"
+ "strings"
+
+ ocsv1 "github.com/red-hat-storage/ocs-operator/api/v4/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -103,3 +105,14 @@ func AssertEqual[T comparable](actual T, expected T, exitCode int) {
 os.Exit(exitCode)
 }
 }
+
+// IsAnnotationTruthy returns true if the annotation is present
+// and has a truthy value
+func IsAnnotationTruthy(obj metav1.Object, key string) bool {
+ annotations := obj.GetAnnotations()
+
+ if val, found := annotations[key]; found {
+ return strings.ToLower(val) == "true"
+ }
+ return false
+}
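Review bot: The block added at the end of `newNonResilientCephBlockPoolStorageClassConfiguration` only ever writes `"false"`, and nothing in this hunk removes or overwrites the annotation on a StorageClass that already carries it once the StorageCluster annotation is switched to `true`. Whether the stale value is cleared depends on how the reconciler outside this diff compares and updates StorageClass annotations, so that path is worth confirming with a test that flips the StorageCluster annotation from absent to `true`. The same applies to the block added in the `-314,6` hunk. The function starts outside this hunk.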
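Review bot: `IsAnnotationTruthy` is documented as accepting a "truthy value" but matches only the string `true`, case-insensitively; `1`, `yes`, or `true` with surrounding whitespace all return false. Because the callers in storageclasses.go negate the result, such a value disables key rotation without any error or log line. Either state the contract in the doc comment, e.g. `// IsAnnotationTruthy reports whether the annotation is present and equals "true", ignoring case.`, or widen the parsing with `strconv.ParseBool(strings.TrimSpace(val))`. If the narrow match stays, `return strings.EqualFold(val, "true")` expresses it without the lowered copy. No unit test for the helper is included in this diff.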