Topic 1 Question 150
You are deploying an application to Cloud Run. The application requires a password to start. Your organization requires that all passwords are rotated every 24 hours, and your application must have the latest password. You need to deploy the application with no downtime. What should you do?
Store the password in Secret Manager and send the secret to the application by using environment variables.
Store the password in Secret Manager and mount the secret as a volume within the application.
Use Cloud Build to add your password into the application container at build time. Ensure that Artifact Registry is secured from public access.
Store the password directly in the code. Use Cloud Build to rebuild and deploy the application each time the password changes.
ユーザの投票
コメント(7)
- 正解だと思う選択肢: B
Answer is B: https://cloud.google.com/run/docs/configuring/services/secrets "Mount each secret as a volume, which makes the secret available to the container as files. Reading a volume always fetches the secret value from Secret Manager, so it can be used with the latest version. This method also works well with secret rotation."
👍 8lelele20232023/11/01 - 正解だと思う選択肢: B👍 3ABZ102023/10/27
- 正解だと思う選択肢: B
You can make a secret available to your containers in either of two ways:
Mount each secret as a volume, which makes the secret available to the container as files. Reading a volume always fetches the secret value from Secret Manager, so it can be used with the latest version. This method also works well with secret rotation. Pass a secret using environment variables. Environment variables are resolved at instance startup time, so if you use this method, Google recommends that you pin the secret to a particular version rather than using latest. https://cloud.google.com/run/docs/configuring/services/secrets
👍 3mshafa2023/11/04
シャッフルモード