Key management covers the entire key lifecycle: generation → distribution → storage → rotation → revocation → destruction. It is the weakest link in encryption implementations.
Encrypting data is useless if the keys are stored next to the data. Key rotation limits the damage from a key compromise. Key escrow allows key recovery. Hardware (HSM/TPM) provides secure key storage.