Linux Foundation Exam CKS Topic 1 Question 54 Discussion

Actual exam question for Linux Foundation's CKS exam

Question #: 54
Topic #: 1

[All CKS Questions]

Secrets stored in the etcd is not secure at rest, you can use the etcdctl command utility to find the secret value

for e.g:-

ETCDCTL_API=3 etcdctl get /registry/secrets/default/cks-secret --cacert="ca.crt" --cert="server.crt" --key="server.key"

Output

Using the Encryption Configuration, Create the manifest, which secures the resource secrets using the provider AES-CBC and identity, to encrypt the secret-data at rest and ensure all secrets are encrypted with the new configuration.

AExplanation:
ETCD secret encryption can be verified with the help ofetcdctlcommand line utility.
ETCD secrets are stored at the path/registry/secrets/$namespace/$secreton the master node.
The below command can be used to verify if the particular ETCD secret is encrypted or not.
# ETCDCTL_API=3 etcdctl get /registry/secrets/default/secret1 [...] | hexdump -C

Show Suggested Answer

Suggested Answer: A

by Frederic at May 11, 2024, 07:06 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Truman

1 days ago

Encrypting the secrets at rest is crucial for security. I'm glad they're providing a step-by-step on how to set that up. Can't wait to try it out!

upvoted 0 times

...

Niesha

17 days ago

Whoa, that's a handy trick to check the secrets in etcd! But I wonder if there's a more secure way to manage those secrets, ya know, without exposing them in the clear.

upvoted 0 times