Security Engineering

Secrets Management

9 practice questions. Free questions open a full answer guide; the rest unlock with Pro.

  • An engineer accidentally commits an active cloud credential and pushes it to your repo. Walk me through your response and what order you do things in. Senior level
  • Your services authenticate to the database with a username and password stored in a secrets manager. Why might a senior engineer still call that an anti-pattern, and what would you move toward?Go Pro Senior level
  • A teammate hardcoded a database password directly in the application's source code. Why is that a problem, and what would you suggest instead?Go Pro Junior level
  • A teammate accidentally committed an API key and pushed it to a public repo. Walk me through how you'd respond, and why rewriting git history isn't enough on its own.Go Pro Mid level
  • Why is injecting a secret as an environment variable considered weaker than mounting it from a secrets manager, and how would you reduce the risk if you have to use env vars?Go Pro Mid level
  • Your application needs to authenticate to a cloud service. Walk me through how it should get its credentials at runtime without you putting any secret in the code or the container image.Go Pro Junior level
  • What is the difference between a static secret and a dynamic (short-lived) secret, and why might you prefer dynamic credentials for database access?Go Pro Junior level
  • How do you get a secret from a central store into a running container's process without it ending up baked into the image, sitting in an environment variable, or leaking into logs?Go Pro Senior level
  • Why are short-lived dynamic secrets preferred over long-lived static credentials, and where do dynamic secrets not fit?Go Pro Mid level
Want questions matched to your role? Paste a job title, job description, or CV for a personalized set, or go Pro to unlock the full bank.