Exam CAS-004 topic 1 question 344 discussion

A. Use a secrets management tool. Secrets management tools provide a secure way to store and manage secrets, such as passwords, API keys, and encryption keys. They can be used to encrypt secrets at rest and in transit, and to rotate secrets on a regular basis. The other options are not as secure: B. Save secrets in key escrow: Key escrow is a process where the secrets are stored with a third party. This can be a security risk, as the third party could potentially access the secrets. C. Store the secrets inside the Dockerfiles: Storing secrets in the Dockerfiles is not secure, as the Dockerfiles are typically stored in a public repository. This means that anyone with access to the Dockerfiles could also access the secrets. D. Run all Dockerfiles in a randomized namespace: Running all Dockerfiles in a randomized namespace does not provide a way to store and manage secrets securely.

A. Use a secrets management tool. Secrets management tools, like HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault, are designed to manage sensitive data like API keys, passwords, and certificates. Using such tools allows for centralized management, fine-grained access control, and audit logging.

A. Use a secrets management tool. In a containerized environment, it's best practice to use a secrets management tool to securely manage sensitive information like passwords, API keys, and other credentials. This allows for better security, easier rotation of credentials, and reduces the risk of exposing secrets in configuration files. Storing secrets in a dedicated tool designed for secure management helps protect against unauthorized access and ensures better overall security in the new system.