A developer is creating a script that calls a remote service using specialized credentials. The organization’s policies require that credentials are regularly rotated for security. The developer is considering embedding these values in the application code to simplify the design. Which approach is recommended to protect these details from unauthorized access?
Define static tokens in the script and rely on code obfuscation
Keep the data in a local file with restricted read permissions
Encrypt values with the system's default key and store them in source control
Use a vault service that provides temporary tokens at execution time
Retrieving secrets from a secure vault during runtime helps ensure they are not stored in code, reducing the potential for exposure. Vault systems typically integrate with applications through controlled mechanisms and can rotate the credentials. Placing them in code or local files poses risks if the systems are compromised, and encrypting locally still exposes the key within the environment
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a vault service, and how does it work?
Open an interactive chat with Bash
How does credential rotation improve security?
Open an interactive chat with Bash
What risks arise from embedding credentials directly in application code?
Open an interactive chat with Bash
CompTIA Cloud+ CV0-004
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access