# Certificate and Key Management Operations

One-sentence definition: Day-to-day lifecycle management for certificates and cryptographic keys.

## Key Facts

- Inventory certificates/keys; classify by usage and owner.
- Rotate keys regularly; enforce strong algorithms/lengths; disable legacy.
- Store secrets in vaults/HSMs; control access, log retrievals.
- Plan compromise response: revoke/rotate and reissue fast.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose automation and inventory to prevent expiries and weak crypto.

**Mnemonic:** “**Know** keys, **renew** keys.”

## Mini Scenario

Q: API uses weak RSA-1024—ops action?

A: Migrate to modern curves/RSA-2048+, reissue certs, update policies.

## Revision Checklist

- Inventory fields.
- Storage rule.
- Compromise plan.

## Related

[[PKI Operations (CA CRL OCSP Key Escrow)]] · [[Secrets Rotation Strategies (Short-Lived Credentials)]] · [[Service-to-Service Auth (API Keys OAuth mTLS DPoP)]] · [[Identity Threat Detection and Response (ITDR)]] · [[Domain 7 - Index]]