Code Room
System designHardsd-g233
Subject Secrets managementLevel Senior–Staff~45 minCommon in Security interviewsIndustries Technology, Software development

Question

Design an encryption-at-rest and key-management system for a platform storing billions of customer records, where each customer wants their own encryption key (so you can cryptographically delete a customer by destroying their key), keys must rotate without re-encrypting petabytes of data, and a compromised key must be revocable. Throughput: 200K encrypt/decrypt ops/sec. Walk through the key hierarchy, how rotation works without rewriting all data, and how per-customer 'crypto-shredding' deletion works.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.

Narrate your design
Loading whiteboard…
Run or narrate your approach, then ask the coach.