Answer-first summary for fast verification
Answer: Store the password in Secret Manager and mount the secret as a volume within the application.
To meet the requirements of rotating passwords every 24 hours without downtime, the best approach is to use Google Cloud's Secret Manager for secure storage and management of the password. Option A suggests using environment variables to pass the secret to the application, which is a valid method but may not be as secure or flexible as mounting the secret as a volume (Option B). Option B is preferable because mounting secrets as volumes allows the application to dynamically access the latest secret without requiring a restart or redeployment, thus ensuring no downtime. Option C involves embedding the password at build time, which does not meet the requirement for dynamic password rotation without downtime. Option D is insecure as it involves storing passwords directly in the code and would require rebuilding and redeploying the application for each password change, leading to potential downtime.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are deploying an application to Cloud Run that requires a password to start. Your organization mandates password rotation every 24 hours, and your application must always use the latest password without any downtime during deployment. What is the recommended approach to achieve this?
A
Store the password in Secret Manager and send the secret to the application by using environment variables.
B
Store the password in Secret Manager and mount the secret as a volume within the application.
C
Use Cloud Build to add your password into the application container at build time. Ensure that Artifact Registry is secured from public access.
D
Store the password directly in the code. Use Cloud Build to rebuild and deploy the application each time the password changes.