To securely add a secret to your containerized application running in a Google Kubernetes Engine (GKE) cluster, what is the recommended approach?

Exam-Like

Create a Kubernetes Secret, and pass the Secret as an environment variable to the container.

13.3%

Enable Application-layer Secret Encryption on the cluster using a Cloud Key Management Service (KMS) key.

6.7%

Store the credential in Cloud KMS. Create a Google service account (GSA) to read the credential from Cloud KMS. Export the GSA as a .json file, and pass the .json file to the container as a volume which can read the credential from Cloud KMS.

6.7%

Store the credential in Secret Manager. Create a Google service account (GSA) to read the credential from Secret Manager. Create a Kubernetes service account (KSA) to run the container. Use Workload Identity to configure your KSA to act as a GSA.

73.3%

Google Professional Cloud Developer

Get started today

Comments

To securely add a secret to your containerized application running in a Google Kubernetes Engine (GKE) cluster, what is the recommended approach?