DVA-C02 · Question #725
DVA-C02 Question #725: Real Exam Question with Answer & Explanation
The correct answer is A: Configure AWS Secrets Manager to store the secret. Configure the env section of the. CodeBuild natively injects AWS Secrets Manager values via the buildspec env.secrets-manager mapping, keeping the secret encrypted at rest and automatically masking it from logs with minimal setup and no custom retrieval steps.
Question
A developer must securely access a secret during a build process in an AWS CodeBuild project that has an IAM role. The secret must remain encrypted at rest and must be passed to the buildspec.yml file without appearing in the build logs. Which solution will meet these requirements with the LEAST operational overhead?
Options
- AConfigure AWS Secrets Manager to store the secret. Configure the env section of the
- BStore the secret in an encrypted Amazon S3 bucket. Download the secret during the build
- CConfigure AWS Systems Manager Parameter Store to store the secret. Configure the env section
- DStore the secret in AWS Systems Manager Parameter Store. Use a pre-build step to retrieve the
Explanation
CodeBuild natively injects AWS Secrets Manager values via the buildspec env.secrets-manager mapping, keeping the secret encrypted at rest and automatically masking it from logs with minimal setup and no custom retrieval steps.
Community Discussion
No community discussion yet for this question.