A retail company uses ephemeral tasks in a hosted microservices framework to process transactions. Development teams are concerned about storing secrets. Which measure is the best approach to protect sensitive details in this system?
Use environment variables for confidential data in ephemeral tasks
Encode secret files within the container repository before deployment
Require ephemeral tasks to include transaction details in logs
Adopt an external vault that supplies secrets dynamically at runtime
Using a dedicated vault to provide restricted secrets at runtime helps ensure that sensitive content is not stored within ephemeral processes or container images. Embedding confidential data in environment variables or container repositories can expose it to logs or unauthorized retrieval. Logging these details introduces additional risks by retaining records that may be accessed later.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an external vault, and how does it provide secrets dynamically?
Open an interactive chat with Bash
Why is it risky to store secrets in environment variables or container repositories?
Open an interactive chat with Bash
What are ephemeral tasks, and why do they require different secret management approaches?