GitHub Actions Certification — Question 11

As a developer, you need to use GitHub Actions to deploy a microservice that requires runtime access to a secure token. This token is used by a variety of other microservices managed by different teams in different repos. To minimize management overhead and ensure the token is secure, which mechanisms should you use to store and access the token? (Choose two.)

Answer options

• A. Store the token in a configuration file in a private repository. Use GitHub Actions to deploy the configuration file to the runtime environment.
• B. Store the token as a GitHub encrypted secret in the same repo as the code. Create a reusable custom GitHub Action to access the token by the microservice at runtime.
• C. Use a corporate non-GitHub secret store (e.g., HashiCorp Vault) to store the token. During deployment, use GitHub Actions to store the secret in an environment variable that can be accessed at runtime.
• D. Store the token as a GitHub encrypted secret in the same repo as the code. During deployment, use GitHub Actions to store the secret in an environment variable that can be accessed at runtime.
• E. Store the token as an organizational-level encrypted secret in GitHub. During deployment, use GitHub Actions to store the secret in an environment variable that can be accessed at runtime.

Correct answer: C, E

Explanation

The correct answers are C and E because they both utilize secure methods for storing and accessing the token without increasing management overhead. Option C uses an external secret management system, which is a best practice for sensitive information, while option E leverages organizational-level encrypted secrets for broader accessibility across multiple repositories. The other options fail to provide sufficient security or manageability for the token.