You use Cloud Build to build and deploy your application. You want to securely incorporate database credentials and other application secrets into the build pipeline. You also want to minimize the development effort. What should you do?
A.
Create a Cloud Storage bucket and use the built-in encryption at rest. Store the secrets in the bucket and grant Cloud Build access to the bucket.
B.
Encrypt the secrets and store them in the application repository. Store a decryption key in a separate repository and grant Cloud Build access to the repository.
C.
Use client-side encryption to encrypt the secrets and store them in a Cloud Storage bucket. Store a decryption key in the bucket and grant Cloud Build access to the bucket.
D.
Use Cloud Key Management Service (Cloud KMS) to encrypt the secrets and include them in your Cloud Build deployment configuration. Grant Cloud Build access to the KeyRing.
D. Use Cloud Key Management Service (Cloud KMS) to encrypt the secrets and include them in your Cloud Build deployment configuration. Grant Cloud Build access to the KeyRing. This option allows you to use Google-managed encryption and access controls, and it also minimizes the development effort required to securely incorporate the secrets into the build pipeline.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
TNT87
Highly Voted 2 years, 5 months agojomonkp
Most Recent 4 months, 4 weeks agomaxdanny
5 months, 2 weeks agoJonathanSJ
1 year, 3 months agozellck
1 year, 6 months agossmb
1 year, 6 months agoFunkyB
1 year, 10 months agoemdee202
2 years agoSekierer
2 years, 3 months agoAlaaelanwr
2 years, 6 months ago