Which of the following would BEST secure the company’s CI/CD pipeline?

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company’s CI/CD pipeline?
A. Utilizing a trusted secrets manager
B. Performing DAST on a weekly basis
C. Introducing the use of container orchestration
D. Deploying instance tagging

Answer: A

Explanation:

Reference: https://about.gitlab.com/blog/2021/04/09/demystifying-ci-cd-variables/

A trusted secrets manager is a tool or service that securely stores and manages sensitive information such as passwords, API keys, tokens, and certificates. It can help secure the company’s CI/CD (Continuous Integration/Continuous Delivery) pipeline by preventing the hard-coding of sensitive environment variables in the code, which can expose them to unauthorized access or leakage. A trusted secrets manager can also enable encryption, rotation, auditing, and access control for the secrets.

Reference:

https://www.hashicorp.com/resources/what-is-a-secret-manager

https://dzone.com/articles/how-to-securely-manage-secrets-in-a-ci-cd-pipeline
