Answer-first summary for fast verification
Answer: Create a secret via the CLI and configure secret rotation. Store the credentials in the secret, Configure the application to get the credentials from Secrets Manager using secret versions and update the secret version used by the application after every rotation and disable previous versions.
The correct approach is to use secret rotation policies, which can only be configured through the API or gcloud commands. Storing credentials in the application code or injecting them via CI/CD pipelines is not recommended as it compromises security. Additionally, secret rotation cannot be configured via the console, making the CLI method the best practice. For more details, refer to the documentation on secret rotation.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Imagine you're developing a mobile application for a financial institution where frequent password changes are a key security requirement. The application consists of a frontend on Google Kubernetes Engine and a database on Google Cloud SQL. How can you securely pass database credentials to the application at runtime while adhering to the security requirement, following best practices?
A
Use the CI/CD pipeline to inject the credentials into the application at deployment
B
Store the credentials in the application code and update it as needed by releasing new versions/updates to the application.
C
Create a secret via the console and configure secret rotation. Store the credentials in the secret. Configure the application to get the credentials from Secrets Manager using secret versions and update the secret version used by the application after every rotation and disable previous versions.
D
Create a secret via the CLI and configure secret rotation. Store the credentials in the secret, Configure the application to get the credentials from Secrets Manager using secret versions and update the secret version used by the application after every rotation and disable previous versions.
No comments yet.