Answer-first summary for fast verification
Answer: Create a secret via the CLI and configure secret rotation. Store the credentials in the secret. Configure the application to get the credentials from Secrets Manager using secret versions and update the secret version used by the application after every rotation and disable previous versions.
Options A and B are incorrect as they do not follow best practices. Storing credentials in the application or injecting them via CI/CD pipeline is not recommended because it means the credentials are stored in the application code. Option C is incorrect because secret rotation cannot be configured via the console. Option D is correct because secret rotation policies can only be implemented through the API or gcloud commands. Reference: [Google Cloud Secret Manager Documentation](https://cloud.google.com/secret-manager/docs/secret-rotation).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are developing a mobile application for a financial institution with a key security requirement to frequently change application passwords. The application consists of a frontend on Google Kubernetes Engine and a database on Google Cloud SQL. How can you securely pass database credentials to the application at runtime while meeting the security requirement, following best practices?
A
Store the credentials in the application code and update it as needed by releasing new versions/updates to the application.
B
Use the CI/CD pipeline to inject the credentials into the application at deployment.
C
Create a secret via the console and configure secret rotation. Store the credentials in the secret. Configure the application to get the credentials from Secrets Manager using secret versions and update the secret version used by the application after every rotation and disable previous versions.
D
Create a secret via the CLI and configure secret rotation. Store the credentials in the secret. Configure the application to get the credentials from Secrets Manager using secret versions and update the secret version used by the application after every rotation and disable previous versions.
No comments yet.