Answer-first summary for fast verification
Answer: Use Cloud Key Management Service (Cloud KMS) to encrypt the secrets and include them in your Cloud Build deployment configuration. Grant Cloud Build access to the KeyRing.
This approach is correct because Cloud KMS offers secure encryption and decryption of application secrets. It seamlessly integrates with Cloud Build pipelines by allowing the service access to the KeyRing, thus minimizing development effort. This method ensures that credentials are securely stored and readily accessible when required.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
What is the optimal method to securely incorporate database credentials and other application secrets into your Cloud Build process while minimizing development effort?
A
Encrypt the secrets and store them in the application repository. Store a decryption key in a separate repository and grant Cloud Build access to the repository.
B
Use client-side encryption to encrypt the secrets and store them in a Cloud Storage bucket. Store a decryption key in the bucket and grant Cloud Build access to the bucket.
C
Create a Cloud Storage bucket and use the built-in encryption at rest. Store the secrets in the bucket and grant Cloud Build access to the bucket.
D
Use Cloud Key Management Service (Cloud KMS) to encrypt the secrets and include them in your Cloud Build deployment configuration. Grant Cloud Build access to the KeyRing.