Answer-first summary for fast verification
Answer: Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.
The question asks for a Google Cloud Platform solution to avoid storing plain-text secrets in source code management. Among the given options, B is the only viable choice as it involves encrypting secrets with a Customer-Managed Encryption Key (CMEK) and storing them in Cloud Storage, which provides encryption and secure storage. The community discussion strongly supports B (100% consensus) but notes that Secret Manager would be the preferred modern solution if available. Option A (Cloud Source Repositories with Cloud SQL) is insecure as it doesn't address encryption. Option C (Cloud DLP with Cloud SQL) is misaligned as DLP scans for sensitive data but doesn't securely store secrets. Option D (Compute Engine VM with local SSDs) is impractical and insecure due to ephemeral storage and lack of managed security.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A customer wants to avoid storing plain-text secrets in their source code management (SCM) system. How can they accomplish this using Google Cloud Platform?
A
Use Cloud Source Repositories, and store secrets in Cloud SQL.
B
Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.
C
Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.
D
Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.