Keys simply need to be properly managed
By this logic, we should immediately can all password managers. Vaults with codes that store master passwords to servers and systems should be destroyed and those codes given out to separate individuals to avoid the weakness of a single link. Banks should go too, because you shouldn't put your money in one place and make an obvious target simply waiting to be robbed.
Failure to manage a significant key means you alter what the key does, what the scope of the key should contain and how access to it is known and controlled. It does not validate that no backup should exist.
Biting the hand that feeds IT
