HashiCorp Certified: Vault Associate (002) — Question 76

Security requirements demand that no secrets appear in the shell history. Which command does not meet this requirement?

Answer options

• A. generate-password | vault kv put secret/password value=-
• B. vault kv put secret/password value=itsasecret
• C. vault kv put secret/password[email protected]
• D. vault kv put secret/password value=$SECRET_VALUE

Correct answer: B

Explanation

The correct answer is B because the command directly includes the secret 'itsasecret' in the command line, which would be stored in shell history. Options A, C, and D do not expose the secret directly in the command line; instead, they use a pipe or an environment variable, which helps prevent the secret from being saved in the shell history.