Google Professional Cloud DevOps Engineer
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
You are developing a mobile application for a financial institution with a key security requirement to frequently change application passwords. The application consists of a frontend on Google Kubernetes Engine and a database on Google Cloud SQL. How can you securely pass database credentials to the application at runtime while meeting the security requirement, following best practices?
Explanation:
Options A and B are incorrect as they do not follow best practices. Storing credentials in the application or injecting them via CI/CD pipeline is not recommended because it means the credentials are stored in the application code. Option C is incorrect because secret rotation cannot be configured via the console. Option D is correct because secret rotation policies can only be implemented through the API or gcloud commands. Reference: Google Cloud Secret Manager Documentation.