Creating and Maintaining encryption keys
This is by no means an exhaustive review of creating and maintaining encryption keys. It is a quick overview of the process. For more information, please see the following resources:
Google cloud https://cloud.google.com/storage/docs/encryption/customer-managed-keys
AWS https://docs.aws.amazon.com/mgn/latest/ug/ebs-encryption-kms.html
Oracle https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm
National Cyber Security Centre https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/password-managers
Creating a key
This sample would use the gcloud cli:
gcloud kms keyrings create my-keyring --location global
gcloud kms keys create my-key --location global --keyring my-keyring --purpose encryption
This sample would create a key using openssl (Linux, MacOS etc)
openssl genrsa -out private.key 2048
This is the code to use powershell on Windows:
$key = New-Object System.Security.Cryptography.RSACryptoServiceProvider 2048
$key.ExportParameters($true) | Export-Clixml -Path private.key