An automated encryption system to: store a first key policy in association with a first key, and a second key policy in association with a second key; determine that a remote machine stores a first application that is affected by the first key policy and a second application affected by the second key policy, wherein the first application utilizes the first key to encrypt first data, and the second application utilizes the second key to encrypt second data; determine that the first key of the first application is non-compliant with the first key policy; send a request to deploy a third key in response to determining that the first key of the first application is non-compliant with the first key policy; and receive a response that includes a result of the request to deploy the third key.