True or False? To encrypt existing encrypted data with the latest version of the encryption key, you need to first decrypt it and then request Vault to re-encrypt it with the latest version of the encryption key.
This statement isfalsedue to Vault’s rewrap feature:
B. False: "You can use the rewrap feature of the transit secrets engine to rewrap the data with the latest version of the key. This process does not reveal the plaintext data." Rewrapping updates the encryption key version without decryption.
Incorrect Option:
A. True: Incorrect; rewrapping avoids the decrypt-re-encrypt cycle.
This enhances security and efficiency in key rotation.
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit