True or False:
When using the transit secrets engine, setting the min_decryption_version will determine the minimum key length of the data key (i.e., 2048, 4096, etc.)
A. False
B. True
Answer: A
Explanation:
The Transit engine supports key versioning. Key versions earlier than a key's specified min_decryption_version are archived, and the remaining versions belong to the working set. The setting therefore governs which key versions may be used for decryption, not the key length. This is a performance consideration, to keep key loading fast, as well as a security consideration: by disallowing decryption with old key versions, found ciphertext corresponding to obsolete (but sensitive) data cannot be decrypted by most users. In an emergency, the min_decryption_version can be moved back to allow for legitimate decryption.
Reference link: https://www.vaultproject.io/docs/secrets/transit