Security Engineering
Secrets Management
9 practice questions. Free questions open a full answer guide; the rest unlock with Pro.
- An engineer accidentally commits an active cloud credential and pushes it to your repo. Walk me through your response and what order you do things in.
- Your services authenticate to the database with a username and password stored in a secrets manager. Why might a senior engineer still call that an anti-pattern, and what would you move toward?Go Pro
- A teammate hardcoded a database password directly in the application's source code. Why is that a problem, and what would you suggest instead?Go Pro
- A teammate accidentally committed an API key and pushed it to a public repo. Walk me through how you'd respond, and why rewriting git history isn't enough on its own.Go Pro
- Why is injecting a secret as an environment variable considered weaker than mounting it from a secrets manager, and how would you reduce the risk if you have to use env vars?Go Pro
- Your application needs to authenticate to a cloud service. Walk me through how it should get its credentials at runtime without you putting any secret in the code or the container image.Go Pro
- What is the difference between a static secret and a dynamic (short-lived) secret, and why might you prefer dynamic credentials for database access?Go Pro
- How do you get a secret from a central store into a running container's process without it ending up baked into the image, sitting in an environment variable, or leaking into logs?Go Pro
- Why are short-lived dynamic secrets preferred over long-lived static credentials, and where do dynamic secrets not fit?Go Pro
Want questions matched to your role? Paste a job title, job description, or CV for a personalized set, or go Pro to unlock the full bank.