Answer-first summary for fast verification
Answer: Store the credentials as a Kubernetes Secret, and use the Cloud Key Management Service plugin to handle encryption and decryption.
The question focuses on securely storing and rotating credentials for a third-party database. Kubernetes Secrets are the recommended way to handle such sensitive data. However, using Google Cloud Key Management Service (KMS) for encryption ensures that the Secrets are encrypted with a managed key, adhering to security best practices. This setup allows credentials to be rotated by updating the Secret while leveraging Cloud KMS for encryption lifecycle management. Options A and C involve less secure storage methods (sidecar containers or volumes) without built-in key rotation. Option B relates to network traffic control, not credential management.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are developing an application with multiple microservices deployed in a Google Kubernetes Engine (GKE) cluster. One microservice requires a connection to an on-premises third-party database. How should you securely store and manage the database credentials while enabling credential rotation in alignment with security best practices?
A
Store the credentials in a sidecar container proxy, and use it to connect to the third-party database.
B
Configure a service mesh to allow or restrict traffic from the Pods in your microservice to the database.
C
Store the credentials in an encrypted volume mount, and associate a Persistent Volume Claim with the client Pod.
D
Store the credentials as a Kubernetes Secret, and use the Cloud Key Management Service plugin to handle encryption and decryption.