Code Room
System design (Hard)
Question
Design an encryption-at-rest and key-management system for a platform storing billions of customer records, where each customer wants their own encryption key (so you can cryptographically delete a customer by destroying their key), keys must rotate without re-encrypting petabytes of data, and a compromised key must be revocable. Throughput: 200K encrypt/decrypt ops/sec. Walk through the key hierarchy, how rotation works without rewriting all data, and how per-customer 'crypto-shredding' deletion works.
What a strong answer looks like
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.