あなたは30のマイクロサービスで大規模な分散アプリケーションを設計しています。 分散マイクロサービスのそれぞれは、データベースのバックエンドに接続する必要があります。 資格情報を安全に保管します。
資格情報はどこに保存する必要がありますか?
正解:C
A is not correct because storing credentials in source code and source control is discoverable, in plain text, by anyone with access to the source code. This also introduces the requirement to update code and do a deployment each time the credentials are rotated.
B is not correct because consistently populating environment variables would require the credentials to be available, in plain text, when the session is started.
C is correct because key management systems generate, use, rotate, encrypt, and destroy cryptographic keys and manage permissions to those keys.
D is not correct because instead of managing access to the config file and updating manually as keys are rotated, it would be better to leverage a key management system. Additionally, there is increased risk if the config file contains the credentials in plain text.
https://cloud.google.com/kms/