How should secrets be secured in deployments?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the MP Deployment Exam with multiple choice questions, hints, and explanations. Test your knowledge and ensure you're ready to succeed!

Multiple Choice

How should secrets be secured in deployments?

Explanation:
Handling secrets securely means using a dedicated secret management system rather than baking them into code or sharing them through chat. Embedding secrets in deployment manifests or environment variables ties them to code and builds, making them easy to leak through version history, image layers, or logs. Sharing secrets via chat apps is unsafe and hard to audit, since messages can be copied, forwarded, or exposed to the wrong people. Storing secrets in a public or even restricted repository is risky because accidental exposure, backups, or misconfigurations can reveal them. A vault or managed secret service provides centralized, encrypted storage for credentials, API keys, and tokens. It supports encryption in transit and at rest, strict access controls, and full auditing. Importantly, it enables automatic rotation and the use of dynamic or short‑lived secrets, so compromised credentials have a limited window of usefulness. This setup integrates with deployments to fetch secrets securely at runtime, reducing blast radius and improving security posture. So the best approach is to rely on vaults or managed secret services with encryption, access controls, and rotation.

Handling secrets securely means using a dedicated secret management system rather than baking them into code or sharing them through chat. Embedding secrets in deployment manifests or environment variables ties them to code and builds, making them easy to leak through version history, image layers, or logs. Sharing secrets via chat apps is unsafe and hard to audit, since messages can be copied, forwarded, or exposed to the wrong people. Storing secrets in a public or even restricted repository is risky because accidental exposure, backups, or misconfigurations can reveal them.

A vault or managed secret service provides centralized, encrypted storage for credentials, API keys, and tokens. It supports encryption in transit and at rest, strict access controls, and full auditing. Importantly, it enables automatic rotation and the use of dynamic or short‑lived secrets, so compromised credentials have a limited window of usefulness. This setup integrates with deployments to fetch secrets securely at runtime, reducing blast radius and improving security posture.

So the best approach is to rely on vaults or managed secret services with encryption, access controls, and rotation.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy