Google Professional Cloud Developer
Get started today
Ultimate access to all questions.
You are developing an application with multiple microservices deployed in a Google Kubernetes Engine (GKE) cluster. One microservice requires a connection to an on-premises third-party database. How should you securely store and manage the database credentials while enabling credential rotation in alignment with security best practices?
You are developing an application with multiple microservices deployed in a Google Kubernetes Engine (GKE) cluster. One microservice requires a connection to an on-premises third-party database. How should you securely store and manage the database credentials while enabling credential rotation in alignment with security best practices?
Explanation:
The question focuses on securely storing and rotating credentials for a third-party database. Kubernetes Secrets are the recommended way to handle such sensitive data. However, using Google Cloud Key Management Service (KMS) for encryption ensures that the Secrets are encrypted with a managed key, adhering to security best practices. This setup allows credentials to be rotated by updating the Secret while leveraging Cloud KMS for encryption lifecycle management. Options A and C involve less secure storage methods (sidecar containers or volumes) without built-in key rotation. Option B relates to network traffic control, not credential management.