You want to securely provide a database password to a Google Cloud Run service without hardcoding it. Which approach follows best practices?

hard📝 Best Practice Q15 of 15

GCP - Cloud Functions

AHardcode the password in the Cloud Run service YAML file

BStore the password in Secret Manager and mount it as an environment variable in Cloud Run

CSave the password in a public Google Cloud Storage bucket and read it at runtime

DSend the password as a query parameter in API requests

Step-by-Step Solution

Solution:

Step 1: Identify secure secret storage
Google Secret Manager is designed to store sensitive info like passwords securely.
Step 2: Use environment variables for app access
Mounting secrets as environment variables in Cloud Run keeps secrets out of code and config files.
Step 3: Evaluate other options
Hardcoding, public storage, or sending passwords in URLs expose secrets and are insecure.
Final Answer:
Store the password in Secret Manager and mount it as an environment variable in Cloud Run -> Option B
Quick Check:
Secret Manager + env vars = secure best practice [OK]

Quick Trick: Use Secret Manager and env vars, never hardcode secrets [OK]

Common Mistakes:

Master "Cloud Functions" in GCP

9 interactive learning modes - each teaches the same concept differently

Want More Practice?

15+ quiz questions · All difficulty levels · Free

More GCP Quizzes