diff --git a/changelog/29506.txt b/changelog/29506.txt
new file mode 100644
index 000000000000..005a89dd11b6
--- /dev/null
+++ b/changelog/29506.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: Fix bug when if failing to persist the barrier keyring to track encryption counts, the number of outstanding encryptions remains added to the count, overcounting encryptions.
+```
diff --git a/vault/barrier_aes_gcm.go b/vault/barrier_aes_gcm.go
index e75b7a78a8e2..eb872ef3dea0 100644
--- a/vault/barrier_aes_gcm.go
+++ b/vault/barrier_aes_gcm.go
@@ -1281,6 +1281,8 @@ func (b *AESGCMBarrier) persistEncryptions(ctx context.Context) error {
 	newKeyring := b.keyring.Clone()
 	err := b.persistKeyringBestEffort(ctx, newKeyring)
 	if err != nil {
+		// because Keys are pointer addressed, we need to undo the update to the Encryption count here
+		activeKey.Encryptions -= uint64(newEncs)
 		return err
 	}
 	b.UnaccountedEncryptions.Sub(newEncs)
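Review bot: The added rollback `activeKey.Encryptions -= uint64(newEncs)` is only correct if nothing else touches activeKey.Encryptions between the earlier increment (outside this hunk) and the error branch; if another goroutine can bump that counter without holding the same lock, the plain `-=` on a uint64 is a data race and could wrap below zero, which would silently undercount encryptions on the key. I cannot see from the hunk whether persistEncryptions runs under the barrier's lock, so that is worth confirming. The comment could also say why the undo is needed rather than just that it is: `// Clone() shares *Key pointers, so the increment above already landed in b.keyring; undo it here so the retry driven by UnaccountedEncryptions (still not subtracted on this path) does not double count.` A unit test that forces persistKeyringBestEffort to fail and asserts both that activeKey.Encryptions is back at its prior value and that UnaccountedEncryptions still holds newEncs would pin this path. persistEncryptions starts and ends outside the hunk.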