
Answer-first summary for fast verification
Answer: Use Cloud Key Management Service (Cloud KMS) to encrypt the secrets and include them in your Cloud Build deployment configuration. Grant Cloud Build access to the KeyRing.
The correct approach is to use Cloud Key Management Service (Cloud KMS) to encrypt the secrets and include them in your Cloud Build deployment configuration, then grant Cloud Build access to the KeyRing. This method leverages a managed service for encryption keys, minimizing development effort and securely managing secrets. Other options either require custom tooling or do not utilize managed services, increasing development effort and complexity. Reference: [Google Cloud Build Documentation](https://cloud.google.com/build/docs/securing-builds/use-encrypted-credentials#configuring_builds_to_use_encrypted_data).
Author: LeetQuiz Editorial Team
You are using Cloud Build to build and deploy your application and need to securely incorporate database credentials and other application secrets into the build pipeline with minimal development effort. What is the best approach?
A. Encrypt the secrets and store them in the application repository. Store a decryption key in a separate repository and grant Cloud Build access to the repository.
B. Use client-side encryption to encrypt the secrets and store them in a Cloud Storage bucket. Store a decryption key in the bucket and grant Cloud Build access to the bucket.
C. Create a Cloud Storage bucket and use the built-in encryption at rest. Store the secrets in the bucket and grant Cloud Build access to the bucket.
D. Use Cloud Key Management Service (Cloud KMS) to encrypt the secrets and include them in your Cloud Build deployment configuration. Grant Cloud Build access to the KeyRing.