Store API keys and certificates securely in Google Cloud | CDL Exam Solution

Correct Answer: A.

Option A is Correct.

A secret manager can be used to store API keys, passwords, and certificates.

Option B is Incorrect.

Cloud Key Management helps manage encryption keys and cannot be used for storing API keys and certificates.

Option C is Incorrect.

The security command center cannot be used for storing API keys and certificates, but it is appropriate to be used to defend Google cloud assets against threats.

Option D is Incorrect.

Cloud Key management is an incorrect option.

https://cloud.google.com/security-command-center https://cloud.google.com/secret-manager https://cloud.google.com/security-key-management

The recommended solution for storing API keys and certificates in Google Cloud is to use a combination of Secret Manager and Cloud Key Management. Therefore, the correct answer is option D, A & B.

Here's a brief overview of each of these services:

1. Secret Manager: Google Cloud Secret Manager is a fully managed service that enables you to store and manage API keys, passwords, certificates, and other sensitive data in a central location. With Secret Manager, you can easily rotate, monitor, and audit access to your secrets.

By using Secret Manager to store API keys and certificates, you can ensure that sensitive data is stored securely and access to it is tightly controlled.

2. Cloud Key Management: Google Cloud Key Management Service (KMS) is a cloud-based cryptographic key management system that enables you to generate, use, rotate, and destroy encryption keys for your cloud services.

By using Cloud KMS, you can ensure that your API keys and certificates are encrypted and stored securely. You can also manage the lifecycle of your keys, and control access to them.

3. Security Command Center: Google Cloud Security Command Center is a security and data risk platform that provides visibility into your security posture across your Google Cloud resources.

While Security Command Center is a useful service for monitoring security across your cloud environment, it is not specifically designed for storing API keys and certificates.

In summary, to ensure the security of your API keys and certificates in Google Cloud, you should use Secret Manager to store your secrets, and Cloud KMS to encrypt and manage access to your secrets.