When you add a new version to a secret in Google Cloud Secret Manager, what happens to the previous versions?
Think about how you might want to roll back to an older password if needed.
Secret Manager keeps all versions of a secret. Each version can be enabled or disabled independently, allowing safe rollbacks or staged updates.
To allow a service account to read secret values from Secret Manager, which IAM role should you assign?
Look for the role that specifically allows reading secret data.
The role roles/secretmanager.secretAccessor grants permission to access secret versions' data without full admin rights.
You want a Cloud Function to connect to a database using credentials stored in Secret Manager. Which architecture ensures the credentials are securely accessed and rotated?
Think about security best practices for secret storage and access.
Fetching secrets at runtime from Secret Manager with proper IAM roles ensures credentials are not hardcoded and can be rotated without redeploying code.
You have a secret named db-password. Which command correctly adds a new version with the value from the file password.txt?
Remember the command to add a new version to an existing secret.
The command gcloud secrets versions add adds a new version to an existing secret using the data from the specified file.
You want to rotate database credentials stored in Secret Manager automatically every 30 days without downtime. Which approach is best?
Think about automation and smooth transition without service interruption.
Automating rotation with Cloud Scheduler and Cloud Functions allows seamless creation of new secret versions and updating the database, while clients can fetch the latest secret version without downtime.