I see that in several training quizzes the “correct” answer is to store encrypted data where somebody could copy it and save it, when it can be done so that the encrypted data is only in RAM and then (hopefully) deleted after it is no longer used. In this example it was sensitive data used to bootstrap an EC2 instance. The recommendation was to store the data with the image. Who knows how easy it will be after 20 years or 50 years to break that encryption? If someone has the encrypted file and after a long time technology will be quite difficult to withstand any new code breaking technology, similar to how easy it is today to break the DES from 1970s.