You are right, the NIST initiative linked by @0xcrypto is to standardize quantum-resistant public-key cryptographic algorithms (i.e., asymmetric cryptography). AES256 is currently quantum resistant, and will remain so until quantum computers become at least an order-of-magnitude more powerful than the current cutting-edge technology in quantum computing.
Question was well answered. Just to add a little from my googling
The table shows how much Quantum computer reduce effective key lengths for a common asymmetric public key cryptography algorithm (RSA) and for a common symmetric cryptography algorithm (AES).
The effective symmetric key length is reduced by a factor of 1/2 (i.e. one half)
The effective asymmetric key length is raised to a factor between (1/2) and (1/3) square root or cube root.
I think I remember hearing someone sayd the reduction in effetive symmetric key length is linear while the reduction in effective asymmetric key length is exponential or logartihmic or some other mathematical sounding thing…
Yes, as shown the 256 bit symmetric AES encryption key length looks like 128 bits of entropy to a quantum computer using Grover’s algorithm. It is a significant reduction, just nowhere as much as the asymmetric RSA where the 15,360 bit key would look like a measly 31 bits of entropy to a quantum computer using Shor’s algorithm. So the asymmetric encryption used in things like like logging into the server will be in jeopardy earlier, and the symmetric encryption used directly on the vault will be safe a lot longer. But if you think today’s vault might still be sensitive in a few decades, then don’t leave your encrypted backups laying around in public anywhere (not that anyone does that anwyay)