Scan attacks exploit facilities offered by scan chains to retrieve embedded secret data, in particular secret keys used in crypto-processors for encoding information in such a way that only knowledge of the secret key allows to access it. This paper presents a scan attack countermeasure based on the encryption of the scan chain content. The goal is to counteract the security threats and, at the same time, to preserve test efficiency, diagnosis and debugging abilities. We propose to use the secret-key management policy embedded in the device under test in order to encrypt both control and observed data at test time. This solution does not require additional key management, provides same test/diagnostic and debug facilities as under classical scan design with marginal impacts on area and test time.