During a penetration test, you have identified that an organization's proprietary application lacks a proper secrets management solution. Sensitive data within the application, including database credentials, are stored in plaintext configuration files accessible by a number of services. In your final report to the client, which recommendation would best address this vulnerability?
Implementing a secrets management solution to centrally manage and securely store sensitive information
Storing the plaintext configuration files in a more secure directory on the server
Restricting file permissions on the configuration files to administrators only
Changing database credentials regularly without implementing a secrets management system
The correct answer is Implementing a secrets management solution to centrally manage and securely store sensitive information. It is the most effective recommendation as it suggests a method to encrypt secrets and control access to them, which is essential for maintaining their confidentiality and integrity. Storing secrets in plaintext, as observed in the scenario, poses a significant security risk because if an attacker gains access to these files, they would have immediate access to the sensitive data. A secrets management solution provides a secure way to manage access to secrets, often including rotation and auditing capabilities that further enhance security. The incorrect answers fail to address the fundamental issue of securely managing secrets or do not align with best practices for secrets management.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a secrets management solution?
Open an interactive chat with Bash
Why is storing credentials in plaintext a security risk?
Open an interactive chat with Bash
What are the benefits of rotating secrets regularly?