Reddit

In a Kubernetes Engine deployment, your engineers have hardcoded database credentials in the YAML configuration as shown below. What is Google's recommended best practice for handling sensitive information like this in Kubernetes?

apiVersion: "extensions/v1beta1"
kind: "Deployment"
metadata:
  name: "products-service"
  namespace: "default"
  labels:
    app: "products-service"
spec:
  replicas: 3
  selector:
    matchLabels:
      app: "products-service"
  template:
    metadata:
      labels:
        app: "products-service"
    spec:
      containers:
      - name: "products"
        image: "gcr.io/find-seller-app-dev/products:latest"
        env:
        - name: "database_user"
          value: "admin"
        - name: "database_password"
          value: "TheB3stP@ssW0rd"

apiVersion: "extensions/v1beta1"
kind: "Deployment"
metadata:
  name: "products-service"
  namespace: "default"
  labels:
    app: "products-service"
spec:
  replicas: 3
  selector:
    matchLabels:
      app: "products-service"
  template:
    metadata:
      labels:
        app: "products-service"
    spec:
      containers:
      - name: "products"
        image: "gcr.io/find-seller-app-dev/products:latest"
        env:
        - name: "database_user"
          value: "admin"
        - name: "database_password"
          value: "TheB3stP@ssW0rd"

Real Exam

Last updated: December 22, 2025 at 14:04

Mount the credentials in a volume.

0.0%

Store the credentials in a ConfigMap.

0.0%

Use an environment variable.

16.7%

Store the credentials in a Secret.

83.3%

Google Associate Cloud Engineer

Get started today

Comments