Google Cloud Professional Cloud DevOps Engineer — Question 151

You are deploying an application to Cloud Run. The application requires a password to start. Your organization requires that all passwords are rotated every 24 hours, and your application must have the latest password. You need to deploy the application with no downtime. What should you do?

Answer options

• A. Store the password in Secret Manager and send the secret to the application by using environment variables.
• B. Store the password in Secret Manager and mount the secret as a volume within the application.
• C. Use Cloud Build to add your password into the application container at build time. Ensure that Artifact Registry is secured from public access.
• D. Store the password directly in the code. Use Cloud Build to rebuild and deploy the application each time the password changes.

Correct answer: B

Explanation

The correct answer is B because mounting the secret as a volume allows the application to access the latest password without needing to rebuild or redeploy, ensuring no downtime. Option A is incorrect because environment variables would require a redeployment for updates. Option C is not ideal as it involves embedding the password at build time, which doesn't support automated rotation without downtime. Option D is not secure and requires constant rebuilding of the application, which leads to downtime.