HashiCorp Certified - Vault Associate Course - Seal and Unseal

It can decrypt data but not encrypt it.

It can only encrypt data but not decrypt it.

It can only perform status checks and unsealing.

It cannot perform any operations.

To encrypt the master key.

To reconstruct the master key and decrypt the encryption key.

To delete all stored data.

To reset the Vault configuration.

To increase data retrieval speed.

To protect data after a network compromise.

To allow more users to access the data.

To reduce the number of key shards.

Diffie-Hellman Key Exchange

Shamir's Secret Sharing

AES Encryption

RSA Encryption

Three

Ten

Five

Seven

Five

Two

Three

Four

Distribute them among multiple employees and store offline.

Encrypt them with a single PGP key.

Store them online for easy access.

Keep all shards with a single trusted employee.