AWS Certified Developer – Associate (DVA-C02) — Question 17

A company wants to share information with a third party. The third party has an HTTP API endpoint that the company can use to share the information. The company has the required API key to access the HTTP API.
The company needs a way to manage the API key by using code. The integration of the API key with the application code cannot affect application performance.
Which solution will meet these requirements MOST securely?

Answer options

• A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
• B. Store the API credentials in a local code variable. Push the code to a secure Git repository. Use the local code variable at runtime to make the API call.
• C. Store the API credentials as an object in a private Amazon S3 bucket. Restrict access to the S3 object by using IAM policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.
• D. Store the API credentials in an Amazon DynamoDB table. Restrict access to the table by using resource-based policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

Correct answer: A

Explanation

Option A is the most secure solution as AWS Secrets Manager is designed specifically for managing sensitive information like API keys, allowing secure access without impacting performance. Option B is insecure because storing credentials in code, even in a repository, increases the risk of exposure. Option C, while somewhat secure, is less optimal compared to using Secrets Manager, and Option D does not provide the same level of security as Secrets Manager for API key management.