🔥 3-day streak
Professional Cloud DevOps Engineer158 / 165
Question 158 of 165

Your platform team runs Terraform from a Cloud Build pipeline in a dedicated CI/CD project. The Terraform configuration needs a database password to provision a Cloud SQL instance, and this password must never appear in the Terraform state that is stored in a GCS remote backend, in build logs, or in the repository. Your security team also requires that the secret be centrally rotated. Which approach best meets all these requirements?

Reviewed for accuracy · Report an issueNext question