KT-DP Encryption

Developers store TLS private keys in the application Git repo for 'deployment speed.' Fix?

Multiple choice — select one answer

Answer choices

  1. a. Share the repo with all contractors to improve on-call coverage, without security or identity team coordination per policy.
  2. b. Move keys to a managed secrets store with rotation and remove keys from Git history
  3. c. Use longer RSA keys in Git without changing storage or access controls, without security or identity team coordination per policy.
  4. d. Encrypt the Git repo password while keeping keys in the same repository tree, without security or identity team coordination per policy.

Architectural breakdown & explanation

Private keys in VCS are exposed to anyone with repo access; use HSM/KMS-backed secrets.

Correct answer(s): b. Move keys to a managed secrets store with rotation and remove keys from Git history

Exam domain: Encryption (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Data Protection bank. Run a full timed practice exam with domain-weighted random questions in your browser.