Yesterday we covered "where to put your data (the Region)." Today we look at "how to protect that data safely." The core technology is encryption. If you transform data into a form no one can read, then even if someone steals it, it's useless without the key.
Today we'll lay out, at the conceptual level, the two states of encryption (in transit / at rest), the services that manage encryption keys (KMS and CloudHSM), and Secrets Manager, which safely stores sensitive information like passwords and API keys. The CLF exam asks not about deep content such as algorithms, but about "when to use what."
Data must be protected in two situations.
**1