One of the benefits of using the Vault transit secrets engine is its ability to easily rotate encryption keys. Which of these is true regarding key rotation?
One of the benefits of using the Vault transit secrets engine is its ability to easily rotate encryption keys. Which of these is true regarding key rotation?
Vault's transit secrets engine allows users to rotate encryption keys manually or through an automated process that invokes the key rotation API. Options A, B, and C are incorrect because Vault does not automatically rotate the encryption key based on a set period (A), it can enforce restrictions about the minimum encryption key version (B), and it maintains a versioned keyring (C).
All other answers are are wholly or partially untrue.