Google Cloud Professional Cloud DevOps Engineer — Question 104

You are building an application that runs on Cloud Run. The application needs to access a third-party API by using an API key. You need to determine a secure way to store and use the API key in your application by following Google-recommended practices. What should you do?

Answer options

• A. Save the API key in Secret Manager as a secret. Reference the secret as an environment variable in the Cloud Run application.
• B. Save the API key in Secret Manager as a secret key. Mount the secret key under the /sys/api_key directory, and decrypt the key in the Cloud Run application.
• C. Save the API key in Cloud Key Management Service (Cloud KMS) as a key. Reference the key as an environment variable in the Cloud Run application.
• D. Encrypt the API key by using Cloud Key Management Service (Cloud KMS), and pass the key to Cloud Run as an environment variable. Decrypt and use the key in Cloud Run.

Correct answer: A

Explanation

The correct answer is A because it follows best practices for securely managing sensitive information by using Secret Manager, which is designed for this purpose. The other options either involve unnecessary complexity, such as mounting and decrypting secrets, or do not utilize Secret Manager effectively.