Exam Professional Cloud Architect topic 1 question 29 discussion

Google Secret Management was designed explicitly for this purpose.

C is the answer, since key management systems generate, use, rotate, encrypt, and destroy cryptographic keys and manage permissions to those keys. A is incorrect because storing credentials in source code and source control is discoverable, in plain text, by anyone with access to the source code. This also introduces the requirement to update code and do a deployment each time the credentials are rotated. B is not correct because consistently populating environment variables would require the credentials to be available, in plain text, when the session is started. D is incorrect because instead of managing access to the config file and updating manually as keys are rotated, it would be better to leverage a key management system. Additionally, there is increased risk if the config file contains the credentials in plain text.

1. Centralized and Secure Storage: Secret management systems like HashiCorp Vault, AWS Secrets Manager, or Google Cloud Secret Manager provide a centralized and secure location to store sensitive credentials. This ensures that database credentials are not scattered across multiple microservices or configuration files. 2. Access Control: Secret management systems offer fine-grained access control, allowing you to restrict access to secrets based on roles and permissions. This ensures that only authorized microservices and users can access the database credentials. 3. Rotation and Auditing: These systems often provide features for automatic secret rotation and auditing, which helps improve security and compliance. 4. Integration: Secret management systems can integrate with your deployment pipelines and orchestration tools, making it easier to manage secrets throughout the application lifecycle.

Other options are not best practices.

Need to use key management system for this usecase since other options are not secure.

C is correct

C. In a secret management system It is important to store the credentials for your database back-end securely in order to protect them from unauthorized access. One way to do this is by using a secret management system, such as Google Cloud's Secret Manager. Secret Manager is a secure and convenient storage system for API keys, passwords, and other sensitive data that is designed to protect against unauthorized access. By storing the credentials in Secret Manager, you can ensure that they are kept secure and can be easily accessed by your microservices as needed. Storing the credentials in the source code, an environment variable, or a config file that has restricted access through ACLs may not provide the same level of security as a dedicated secret management system. It is important to ensure that your credentials are stored in a secure and controlled manner to protect against unauthorized access.

C is correct; If credential then always use secret manager.

C is ok

secret manager is the answer

C is right

answer is C

Use Google Secret Manager

C is correct

Go for C

C is the right answer

Google Practice exam question with option C : In a key management system C is correct because key management systems generate, use, rotate, encrypt, and destroy cryptographic keys and manage permissions to those keys. https://cloud.google.com/kms/ For this question, refer to the Mountkirk Games case study.