Key Management & Encryption

Who holds the keys controls the system — storage, disks, databases, secrets, and service-to-service trust.

Overview

Encryption protects data at rest and in transit while key management determines who can decrypt it. Cloud services like AWS KMS
and Azure Key Vault centralize secrets, certificates, and cryptographic keys. This pillar covers foundational cryptography labs,
cloud-native encryption, and advanced PKI/key lifecycle projects that support secure cloud architectures.

Completed Labs

No completed labs yet — this pillar is currently being built.

In Progress Labs

Lab 14

Cryptography Concepts

Symmetric · Asymmetric · Hashing

Lab 16

Securing Data with Encryption Software

File encryption · Key handling basics

Lab 21

PKI Management with Windows

Certificates · CA · CSR · Revocation

0602

Full-Disk Encryption with Intune BitLocker

Startup PIN · Recovery escrow

AWS-04

Encrypting AWS EBS Volumes & Snapshots

Storage-at-rest encryption

AWS-05

RDS Database Encryption & Backups

KMS · Backup encryption

Advanced Key Management Labs

Higher-level PKI, cloud encryption, and secrets management labs aligned with cloud security engineering.

Advanced

Azure Key Vault — Secrets, Keys & Rotation

RBAC · rotation policies

Advanced

AWS KMS — CMKs, Grants & Envelope Encryption

Multi-layer key protection

Advanced

PKI Lifecycle — Issue, Renew, Revoke

Certificate lifecycle automation

Advanced

TLS Handshake & Certificate Chain Analysis

CA · intermediates · trust chain