The security of computing resources and associated data is of high importance in many contexts. As an example, organizations often utilize networks of computing devices to provide a robust set of services to their users. Networks often span multiple geographic boundaries and often connect with other networks. An organization, for example, may support its operations using both internal networks of computing resources and computing resources managed by others. Computers of the organization, for instance, may communicate with computers of other organizations to access and/or provide data while using services of another organization. In many instances, organizations configure and operate remote networks using hardware managed by other organizations, thereby reducing infrastructure costs and achieving other advantages. With such configurations of computing resources, ensuring that access to the resources and the data they hold is secure can be challenging, especially as the size and complexity of such configurations grow.
Encryption, for example, is used extensively for the purpose of preventing unauthorized access to data. Generally, a cryptographic key is used to reversibly transform data to a state where information is both computationally and humanly unascertainable without access to the cryptographic key or without extraordinary measures (e.g., a cryptographic attack). The storage of cryptographic keys used for encryption can present competing goals. For example, durable storage of a cryptographic key is generally desired so that, if a computer system malfunctions or otherwise loses access to the cryptographic key, the cryptographic key can be recovered and data encrypted under the cryptographic key is recoverable. On the other hand, in some circumstances, it is desirable to be able to destroy a cryptographic key so that the cryptographic key cannot be used to access data encrypted under the cryptographic key. Destruction of a cryptographic key, however, can be difficult. Conventional delete operations may, for example, leave a copy of the cryptographic key in a computer system's memory, at least for some amount of time, thereby leaving the cryptographic key accessible with access to the contents of the memory. Generally, the more durably a cryptographic key is stored, the more difficult destroying the key becomes.