Topic 1 Question 33
Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach. What should you do?
Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.
Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.
Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.
Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it.
ユーザの投票
コメント(10)
C is the "best" from the choices given
👍 13driftwood2021/08/10Answer C
👍 6Charun2021/06/28answer C storing secrets in cloud is better option
👍 4devopsbatch2021/06/02
シャッフルモード