HashiCorp Certified: Vault Associate (002) — Question 16

Your DevOps team would like to provision VMs in GCP via a CICD pipeline. They would like to integrate Vault to protect the credentials used by the tool. Which secrets engine would you recommend?

Answer options

• A. Google Cloud Secrets Engine
• B. Identity secrets engine
• C. Key/Value secrets engine version 2
• D. SSH secrets engine

Correct answer: A

Explanation

The Google Cloud Secrets Engine is specifically designed to manage and provide access to secrets related to Google Cloud services, making it the best choice for provisioning VMs in GCP. The Identity secrets engine is focused on managing identities, the Key/Value secrets engine version 2 is for general key-value pairs, and the SSH secrets engine is tailored for managing SSH credentials, none of which directly address the needs for GCP provisioning.