A team is setting up multiple containers that launch frequently, and they wish to keep tokens concealed. Which method best helps protect these tokens in this dynamic environment?
Bundle them in the container’s application code
Store them in environment variables encoded with base64
Employ a specialized vault service that delivers them at startup
Refine firewall policies to prevent external scanning
A dedicated vault that provides short-lived tokens at startup is a strong choice for ensuring sensitive items are not stored in code or environment variables. This option integrates with container orchestration tools, limiting exposure by provisioning tokens on demand. Keeping data encoded with base64 does not adequately hide it. Embedding tokens in the container’s code renders them vulnerable. Modifying firewall rules does not inherently protect data within the container.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a vault service?
Open an interactive chat with Bash
Why is base64 encoding not secure for protecting tokens?
Open an interactive chat with Bash
How do container orchestration tools integrate with vault services?