An engineer wants to use an AI-based suggestion system to write a script that needs sensitive credentials. Which method reduces the chances of exposing those credentials to the automated tool?
Strip detailed messages from logs while embedding credentials in the script
Include credentials in ephemeral containers created by the script
Embed the credentials directly in the script for quick reference
Store the credentials using environment variables to reference them inside the script
Placing credentials in environment variables keeps them out of the source code that the automated system analyzes. Hardcoding them in the script or bundling them with AI-generated code introduces a higher risk of disclosing sensitive information. Altering logs or using ephemeral containers does not guarantee proper isolation of credentials as they can still surface in temporary files or debugging processes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why are environment variables safer for storing sensitive credentials?
Open an interactive chat with Bash
How can an engineer securely set and access environment variables?
Open an interactive chat with Bash
What are the risks of embedding credentials directly in source code?