Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach. What should you do?
A.
Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.
B.
Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.
C.
Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.
D.
Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it.
The best option for securing application secrets while making it easier to rotate them in case of a security breach would be:
C. Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.
By storing secrets in Cloud Storage, you can take advantage of the security features provided by the platform and encrypt them using Cloud KMS, a GCP service that allows you to create, manage, and use encryption keys. This way you can control who has access to the secrets, and you can easily rotate the encryption keys in case of a security breach. Additionally, you can use IAM to give the CI/CD pipeline the necessary permissions to access the secrets and use them during the deployment process, without the need to store them in the source code or give access to them to specific developers.
Ans: C
Exam passed and taken on 19/12/2022, 50/50 from this dump without buying the full access and looking for 'devops' word here: https://www.examtopics.com/discussions/google/1/
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
driftwood
Highly Voted 3 years, 2 months agoCharun
Highly Voted 3 years, 4 months agohabla2019pasta
Most Recent 5 months, 2 weeks agojomonkp
11 months agocalex1
1 year, 1 month agoJonathanSJ
1 year, 9 months agofloppino
1 year, 10 months agoGCP72
2 years, 3 months agovijaigcp
2 years, 9 months agocyrus86
2 years, 9 months agoalaahakim
2 years, 10 months agoakg001
3 years, 4 months agodevopsbatch
3 years, 4 months ago