How can you securely access application secrets in your CI/CD pipeline while enabling easier secret rotation in the event of a security breach?

Exam-Like

Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.

Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.

Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.

Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it.

Google Professional Cloud DevOps Engineer

Get started today

Comments

How can you securely access application secrets in your CI/CD pipeline while enabling easier secret rotation in the event of a security breach?