Which term refers to the lifecycle management of cryptographic keys, including generation, storage, rotation, and retirement?

Key management is the process of handling cryptographic keys throughout their lifetime, including generation, secure storage, regular rotation, and retirement or destruction. This term best fits because it encompasses every stage of how keys are created, protected, accessed, changed, and ultimately decommissioned, along with the policies and controls that govern their use. Other terms describe only parts of the picture: data at rest encryption focuses on using keys to protect stored data, tokenization substitutes sensitive data with tokens and doesn’t address key lifecycle, and key rotation is just one activity within the broader lifecycle. So the concept that covers the full lifecycle of cryptographic keys is key management.