Domains / Security and Compliance/ Data Aggregate

Encryption Key Aggregate

Consistency boundary for a managed encryption key, including key metadata, rotation schedule, and usage policy.

Data Aggregate Application active

Encryption Key Aggregate tracks key versions, rotation history, and associated usage policies. Key material is never exposed outside Vault; only ciphertext operations are permitted via the transit API. Automated rotation is triggered 30 days before the configured expiry.

Relationships

Composes outgoing 1
Target Element Element Type
Compliance Policy Data Concept
Owns outgoing 2
Target Element Element Type
Secrets and Key Management Component
Vault API Software Subsystem
Owned by incoming 1
Source Element Element Type
Secrets and Key Management Component

Architecture Context

Diagrams

Not yet referenced in any diagram

Properties

Type Data Aggregate
Layer Application
Domain Security and Compliance
Status active
Owner Security Team

Additional Metadata

Lifecycle States active, rotating, retired, destroyed
Archimate Type data-object
Ddd Type Aggregate
Togaf Type Logical Data Component

Meta Model

Business
Organization
Application current
Technology

Actions