- All Exams Instant Download
Which command does not meet this requirement?
Security requirements demand that no secrets appear in the shell history.
Which command does not meet this requirement?
A. generate-password | vault kv put secret/password value
B. vault kv put secret/password value-itsasecret
C. vault kv put secret/password [email protected]
D. vault kv put secret/password value-SSECRET_VALUE
Answer: B
Explanation:
The command that does not meet the security requirement of not having secrets appear in the shell history is B. vault kv put secret/password value-itsasecret. This command would store the secret value “itsasecret” in the key/value secrets engine at the path secret/password, but it would also expose the secret value in the shell history, which could be accessed by other users or malicious actors. This is not a secure way of storing secrets in Vault.
The other commands are more secure ways of storing secrets in Vault without revealing them in the
shell history.
A. generate-password | vault kv put secret/password value would use a pipe to pass the
output of the generate-password command, which could be a script or a tool that generates a
random password, to the vault kv put command, which would store the password in the key/value
secrets engine at the path secret/password. The password would not be visible in the shell history,
only the commands.
C. vault kv put secret/password [email protected] would use the @ syntax to
read the secret value from a file named data.txt, which could be encrypted or protected by file
permissions, and store it in the key/value secrets engine at the path secret/password. The file name
would be visible in the shell history, but not the secret value.
D. vault kv put secret/password value-
SSECRET_VALUE would use the -S syntax to read the secret value from the environment variable
SECRET_VALUE, which could be set and unset in the shell session, and store it in the key/value
secrets engine at the path secret/password. The environment variable name would be visible in the
shell history, but not the secret value.
Reference: [Write Secrets | Vault | HashiCorp Developer]
Latest VA-002-P Dumps Valid Version with 200 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
Subscribe
Login
0 Comments
Inline Feedbacks
View all comments