This is a typical problem, so it is has a pattern solution.
Mainly you should use key "K" to encrypt the files, and this key should be stored encrypted by key "A".
key "K" should not be distributed nether accessed by anyone else then the service that can decrepit key "A"
key "A" should be rotated, so every time key "A" has changed, it should re-encrypt key "K"
So lets say, in the second month we key "A" is replaced by key "B" and so on.