0
0
GCPcloud~20 mins

Environment variables and secrets in GCP - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Secrets Mastery Badge
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
How does Cloud Run handle environment variables set from Secret Manager?

You deploy a Cloud Run service and configure an environment variable to pull a secret from Secret Manager. What happens if the secret is updated after deployment?

AThe Cloud Run service automatically fetches the updated secret without redeployment.
BThe service crashes because the secret value changes dynamically.
CThe environment variable keeps the old secret value until the service is redeployed.
DThe secret value is updated only if the Cloud Run service is manually restarted.
Attempts:
2 left
💡 Hint

Think about how environment variables are loaded during service startup.

security
intermediate
2:00remaining
Which IAM role is required to allow a Cloud Function to access secrets from Secret Manager?

You want a Cloud Function to read secrets from Secret Manager securely. Which IAM role should you assign to the Cloud Function's service account?

Aroles/secretmanager.admin
Broles/secretmanager.secretAccessor
Croles/secretmanager.viewer
Droles/secretmanager.secretVersionAdder
Attempts:
2 left
💡 Hint

Consider the least privilege principle for reading secrets.

Configuration
advanced
2:00remaining
What is the correct way to inject a secret as an environment variable in a Cloud Run service using gcloud CLI?

You want to deploy a Cloud Run service and inject a secret named API_KEY from Secret Manager as an environment variable API_KEY. Which gcloud command is correct?

Agcloud run deploy my-service --image=gcr.io/my-project/my-image --set-secret-env API_KEY=API_KEY:latest
Bgcloud run deploy my-service --image=gcr.io/my-project/my-image --set-env-vars API_KEY=projects/my-project/secrets/API_KEY/versions/latest
Cgcloud run deploy my-service --image=gcr.io/my-project/my-image --update-secrets API_KEY=API_KEY:latest
Dgcloud run deploy my-service --image=gcr.io/my-project/my-image --set-secrets API_KEY=API_KEY:latest
Attempts:
2 left
💡 Hint

Check the gcloud flag that specifically injects secrets as environment variables.

Architecture
advanced
2:00remaining
Which architecture best protects secrets used by multiple microservices in GCP?

You have multiple microservices running on GKE and Cloud Run that need access to the same secrets. What is the best architecture to manage and secure these secrets?

AUse Secret Manager to centrally store secrets and grant each service's identity access to read them.
BStore secrets in environment variables directly in each service deployment manifest.
CEmbed secrets in container images so services can read them locally.
DStore secrets in a shared Cloud Storage bucket with public read access.
Attempts:
2 left
💡 Hint

Think about central management and least privilege access.

Best Practice
expert
2:00remaining
What is the recommended practice for rotating secrets used by Cloud Run services without downtime?

You want to rotate secrets used as environment variables in Cloud Run services without causing downtime. Which approach follows best practices?

ADeploy a new Cloud Run revision referencing the new secret version, then gradually shift traffic to it.
BUpdate the secret in Secret Manager and redeploy the Cloud Run service with the new secret version.
CChange the secret in Secret Manager and rely on Cloud Run to automatically refresh environment variables.
DUpdate the secret in Secret Manager and restart the Cloud Run service manually to pick up the new secret.
Attempts:
2 left
💡 Hint

Consider how Cloud Run handles revisions and traffic splitting.