Answer-first summary for fast verification
Answer: Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Grant the CI/CD pipeline access to Cloud KMS through IAM.
This approach is correct because Google Cloud offers a secure method for storing and rotating secrets by encrypting them in Cloud Storage with a key from Cloud KMS. By enabling the CI/CD pipeline to access Cloud KMS via IAM, application secrets can be securely accessed and rotated in the event of a security breach.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
To ensure secure access to application secrets and facilitate their rotation in case of a security breach, leveraging a CI/CD pipeline for building and deploying application artifacts is recommended. What is the optimal method to achieve this?
A
Encrypt secrets and store them in the source code repository. Keep the decryption key in a separate repository and provide your pipeline access to it.
B
Place secrets in a distinct configuration file in Git. Grant certain developers access to the configuration file.
C
Request secrets from developers during the build process. Advise developers not to store secrets when idle.
D
Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Grant the CI/CD pipeline access to Cloud KMS through IAM.
No comments yet.