How do you manage secrets for hundreds of services in centralized CI/CD?

This question tests secret sprawl prevention and least privilege in CI/CD. Answer: use a secrets manager with RBAC, short-lived credentials, runtime injection, and audit logs. Red flag: secrets in Git, plain env vars, or one shared master key.
This question tests whether you can design a scalable, secure secret lifecycle for a large service fleet without creating single points of compromise. A strong answer recommends a centralized secrets manager with strict RBAC, short-lived dynamic credentials injected at runtime, comprehensive audit logging, and automatic rotation. The interviewer is listening for red flags: storing secrets in version control, passing them through plain environment variables on shared build agents, or using one global key for every service.
Read the original → cloud.google.com
- #ci/cd
- #secrets-management
- #security
- #devops
- #infrastructure