You are using Vault’s Transit secrets engine to encrypt your data. You want to reduce the amount of content encrypted with a single key in case the key gets compromised. How would you do this?
You are using Vault’s Transit secrets engine to encrypt your data. You want to reduce the amount of content encrypted with a single key in case the key gets compromised. How would you do this?
To reduce the amount of content encrypted with a single key in case the key gets compromised, you should periodically rotate the encryption key. By rotating the key, you ensure that a compromised key will limit exposure to only the data encrypted with that specific key, thereby enhancing the overall security. Periodic key rotation is a common security practice to manage and mitigate potential risks associated with key compromise.
https://developer.hashicorp.com/vault/docs/secrets/transit#nist-rotation-guidance