🔥 3-day streak
AWS Certified DevOps Engineer - Professional76 / 204
Question 76 of 204
A DevOps team runs integration tests in AWS CodeBuild as part of a CodePipeline. The tests require a database password and a third-party API key. Currently these values are hardcoded as plaintext environment variables in the CodeBuild project configuration, and a security audit has flagged this. The team wants CodeBuild to retrieve the secrets at build time without exposing them in the project definition, build logs, or the buildspec file, while keeping the buildspec portable across accounts. Which approach BEST meets these requirements?
Reviewed for accuracy · Report an issueNext question