
Explanation:
Secret Manager with referenced secrets (volume mount or env) and least-privilege access via SA is secure and recommended. Baking in image or plain env vars expose secrets, public GCS insecure.
Ultimate access to all questions.
Your app needs config secrets (DB password) at runtime on Cloud Run. Recommended approach?
A
Bake them into the container image
B
Plain env vars in the service YAML
C
Reference secrets from Secret Manager (mounted or as env vars) with the service's SA granted secretmanager.secretAccessor
D
A public GCS object
No comments yet.