When managing SSH keys, the Central Policy Manager (CPM) stores the Private Key in a secure system like the Vault. This ensures that the private key is kept secure and only accessible by authorized users or systems. Storing the private key on the target server would be less secure, and generating the private key from the public key is not possible due to the nature of asymmetric cryptography. Therefore, the correct answer is that the private key is stored in the Vault.