A developer is automating the deployment of resources in the cloud using a script. To comply with best practices for security, which approach should the developer use to handle credentials required by the script to authenticate with the cloud service provider's API?
You selected this option
Use a password vault to store credentials and access them dynamically when the script runs.
You selected this option
Store the password in environment variables and retrieve it within the script at runtime.
You selected this option
Embed the password in a configuration file that the script can read from during execution.
You selected this option
Retain the credentials within the script but encrypt them before storing.
Using password vaults is the correct answer because they offer a secure method for storing and managing credentials. Scripts can programmatically retrieve the necessary passwords or secrets at runtime, which minimizes the risks associated with hardcoded credentials. Hardcoded passwords are a security risk, and using configuration files or environment variables to store them could still expose the credentials if not properly protected.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a password vault and how does it work?
Open an interactive chat with Bash
What are the risks of hardcoding credentials in scripts?
Open an interactive chat with Bash
What are the best practices for securely handling credentials in cloud automation?