
Answer-first summary for fast verification
Answer:
B. Create a service account that has permission to access the database. Configure Cloud Build to use this service account and execute the schema migration script in a private pool.
C. Add the database username and password to Secret Manager. When running the schema migration script, retrieve the username and password from Secret Manager.
To follow Google-recommended security practices for running a database schema migration in your CI/CD pipeline using Cloud Build, the best approach involves minimizing exposure and using secure methods for authentication and access.

Option A suggests using a Cloud Build private pool with a static external IP address, which is not the most secure method as it exposes the database to the internet, even if restricted to a specific IP.

Option B recommends creating a service account with the necessary permissions and using it within a private pool, which is a secure method as it leverages Google's IAM for authentication without exposing the database to external threats.

Option C involves using Secret Manager for storing and retrieving database credentials, which is a secure practice for handling sensitive information.

Option D is less secure as it involves storing credentials in an application configuration file, which is not recommended.

Therefore, the correct answers are B and C, as they both adhere to Google-recommended security practices by using service accounts for authentication and Secret Manager for credential management.
Author: LeetQuiz Editorial Team
You are running a web application that connects to an AlloyDB cluster via a private IP address in your default VPC. You need to perform a database schema migration in your CI/CD pipeline using Cloud Build before deploying a new version of the application while adhering to Google-recommended security practices. What should you do?
A. Set up a Cloud Build private pool to access the database through a static external IP address. Configure the database to only allow connections from this IP address. Execute the schema migration script in the private pool.
B. Create a service account that has permission to access the database. Configure Cloud Build to use this service account and execute the schema migration script in a private pool.
C. Add the database username and password to Secret Manager. When running the schema migration script, retrieve the username and password from Secret Manager.
D. Add the database username and encrypted password to the application configuration file. Use these credentials in Cloud Build to execute the schema migration script.