🔥 3-day streak
CompTIA SecurityX (CAS-005)13 / 120
Question 13 of 120

A DevSecOps engineer is hardening a containerized microservice deployment on Kubernetes. During a review, the security team discovers that database passwords and API keys are being passed to containers as plaintext environment variables defined directly in the Deployment manifest, which is stored in a Git repository. The team wants to eliminate secret exposure both at rest in source control and at runtime within the container. Which approach BEST addresses both concerns?

Reviewed for accuracy · Report an issueNext question