Answer-first summary for fast verification
Answer: Save the API key in Secret Manager as a secret. Reference the secret as an environment variable in the Cloud Run application.
The recommended practice for securely storing and using sensitive information like API keys in Google Cloud is to use Secret Manager. Secret Manager provides a secure and convenient way to store API keys, passwords, and other sensitive data. It allows you to reference secrets as environment variables in your Cloud Run application, which is both secure and easy to manage. Option A correctly describes this approach. Option B suggests mounting the secret key under a directory, which is not necessary and complicates the process without adding security benefits. Options C and D involve using Cloud KMS, which is more suited for encryption keys rather than storing API keys directly. Cloud KMS can be used to encrypt data, but for API keys, Secret Manager is the more straightforward and recommended solution.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are developing an application on Cloud Run that requires access to a third-party API using an API key. Following Google's recommended security practices, how should you securely store and utilize this API key in your application?
A
Save the API key in Secret Manager as a secret. Reference the secret as an environment variable in the Cloud Run application.
B
Save the API key in Secret Manager as a secret key. Mount the secret key under the /sys/api_key directory, and decrypt the key in the Cloud Run application.
C
Save the API key in Cloud Key Management Service (Cloud KMS) as a key. Reference the key as an environment variable in the Cloud Run application.
D
Encrypt the API key by using Cloud Key Management Service (Cloud KMS), and pass the key to Cloud Run as an environment variable. Decrypt and use the key in Cloud Run.
No comments yet.