ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud DevOps Engineer All Questions

View all questions & answers for the Professional Cloud DevOps Engineer exam
Go to Exam

Exam Professional Cloud DevOps Engineer topic 1 question 122 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 122
Topic #: 1
[All Professional Cloud DevOps Engineer Questions]

You are building an application that runs on Cloud Run. The application needs to access a third-party API by using an API key. You need to determine a secure way to store and use the API key in your application by following Google-recommended practices. What should you do?

  • A. Save the API key in Secret Manager as a secret. Reference the secret as an environment variable in the Cloud Run application.
  • B. Save the API key in Secret Manager as a secret key. Mount the secret key under the /sys/api_key directory, and decrypt the key in the Cloud Run application.
  • C. Save the API key in Cloud Key Management Service (Cloud KMS) as a key. Reference the key as an environment variable in the Cloud Run application.
  • D. Encrypt the API key by using Cloud Key Management Service (Cloud KMS), and pass the key to Cloud Run as an environment variable. Decrypt and use the key in Cloud Run.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by PrayasMohanty at Oct. 5, 2023, 10:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
alpha_canary
11 months ago
Selected Answer: A
https://cloud.google.com/run/docs/configuring/services/secrets#access-secrets:~:text=Pass%20a%20secret%20using%20environment%20variables.%20Environment%20variables%20are%20resolved%20at%20instance%20startup%20time%2C%20so%20if%20you%20use%20this%20method%2C%20Google%20recommends%20that%20you%20pin%20the%20secret%20to%20a%20particular%20version%20rather%20than%20using%20latest.
upvoted 1 times
...
xhilmi
1 year, 1 month ago
Selected Answer: A
The recommended solution is (option A) Save the API key in Secret Manager as a secret and reference the secret as an environment variable in the Cloud Run application. This approach aligns with Google-recommended practices for securely managing sensitive information. Secret Manager provides a centralized and secure storage for secrets, allowing you to store and retrieve the API key. Referencing the secret as an environment variable in the Cloud Run application ensures that the key remains confidential and is easily accessible without exposing it directly in the code. It enhances security by separating sensitive information from the application logic and adheres to best practices for secure credential management in a cloud environment.
upvoted 3 times
...
lelele2023
1 year, 2 months ago
Selected Answer: A
A is answer. B is wrong because: Cloud Run does not allow you to mount secrets at /dev, /proc and /sys, or on their subdirectories.
upvoted 3 times
...
mshafa
1 year, 2 months ago
A is answer.
upvoted 1 times
...
Jason_Cloud_at
1 year, 2 months ago
Selected Answer: A
It should be A
upvoted 2 times
...
nhiguchi
1 year, 2 months ago
Selected Answer: A
Answer should be A
upvoted 1 times
...
PrayasMohanty
1 year, 3 months ago
A is the right answer as per my openion
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel