A company's application is deployed with a user-managed Service Account key. You want to use Google-recommended practices to rotate the key. What should you do?
A. Open Cloud Shell and run gcloud iam service-accounts enable-auto-rotate --iam-account=IAM_ACCOUNT.
B. Open Cloud Shell and run gcloud iam service-accounts keys rotate --iam-account=IAM_ACCOUNT --key=NEW_KEY.
C. Create a new key, and use the new key in the application. Delete the old key from the Service Account.
D. Create a new key, and use the new key in the application. Store the old key on the system as a backup key.
C is correct. As explained, you can rotate a key by creating a new key, updating applications to use the new key, and deleting the old key. Use the serviceAccount.keys.create() method and serviceAccount.keys.delete() method together to automate the rotation.
https://cloud.google.com/iam/docs/creating-managing-service-account-keys#deleting_service_account_keys
B is correct. For C, creating a new key and deleting the old one from the Service Account is not recommended. Deleting the old key without replacing it could prevent your application from authenticating and accessing resources.
If you keep the old key active, then your rotation is worthless (because anyone could still use the old key).
C is the solution: rotate and destroy the previous key
The correct answer is C. Create a new key, and use the new key in the application. Delete the old key from the Service Account.
Google recommends that you rotate user-managed service account keys every 90 days or less. This helps to reduce the risk of unauthorized access to your resources if the key is compromised.
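The rotation order discussed in the comments above (create a new key, switch the application to it, then delete the old key), as an added example that is not part of the original discussion or Google's own tooling. The function name `rotate_sa_key` and the caller-supplied verify command are hypothetical; the `gcloud iam service-accounts keys list/create/delete` commands are the standard CLI ones.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): rotate a user-managed
# service account key in the order create -> deploy/verify -> delete.
#
# Usage: rotate_sa_key SA_EMAIL NEW_KEY_FILE VERIFY_CMD [ARGS...]
#   VERIFY_CMD is a hypothetical hook supplied by the caller. It must deploy
#   NEW_KEY_FILE to the application and exit 0 only once the application
#   authenticates with the new key.
rotate_sa_key() {
  if [ "$#" -lt 3 ]; then
    echo "usage: rotate_sa_key SA_EMAIL NEW_KEY_FILE VERIFY_CMD [ARGS...]" >&2
    return 64
  fi
  local sa="$1" key_file="$2" old_keys id
  shift 2

  # 1. Snapshot the user-managed key IDs BEFORE creating the new key, so the
  #    new key can never end up in the delete list.
  old_keys="$(gcloud iam service-accounts keys list \
      --iam-account="$sa" --managed-by=user \
      --format='value(name.basename())')" || return 1

  # 2. Create the replacement key and restrict the file to its owner.
  gcloud iam service-accounts keys create "$key_file" \
      --iam-account="$sa" || return 1
  chmod 600 "$key_file" || return 1

  # 3. Switch the application over. If this fails, keep the old keys so the
  #    application can still authenticate, and report the failure.
  if ! "$@"; then
    echo "verification failed; old keys left in place for $sa" >&2
    return 2
  fi

  # 4. Delete every old key. A key kept "as a backup" is still a valid
  #    credential, so nothing from the snapshot is retained.
  #    (Key IDs are hex strings, so word splitting here is safe.)
  for id in $old_keys; do
    gcloud iam service-accounts keys delete "$id" \
        --iam-account="$sa" --quiet || return 1
  done
}
```

A non-zero return from the verify step leaves both the new key and the old keys in place, so a retry should delete the unused new key or reuse it rather than creating a third.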
The recommended practice to rotate a user-managed Service Account key in GCP is to create a new key and use it in the application while keeping the old key for a specified period as a backup key. This helps to ensure that the application's service account always has a valid key and that there is no service disruption during the key rotation process. Therefore, the correct answer is option D.