The Transit secrets engine focuses on cryptographic operations, not data storage or modification. The HashiCorp Vault documentation states: "The transit secrets engine handles cryptographic functions on data in-transit. Vault doesn’t store the data sent to the secrets engine. It can also be viewed as ‘cryptography as a service’ or ‘encryption as a service’. The transit secrets engine can also sign and verify data; generate hashes and HMACs of data; and act as a source of random bytes."
It further notes: "You can, however, rewrap data when the key has been rotated to ensure data is encrypted with the latest version." Supported actions includeencrypt,decrypt, andrewrap, butupdateis not a function, as Transit doesn’t store or modify data. Thus, D is correct.
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit