How should you configure your application to retrieve Spanner credentials?

You are developing a microservice-based application that will be deployed on a Google Kubernetes Engine cluster. The application needs to read and write to a Spanner database. You want to follow security best practices while minimizing code changes.

How should you configure your application to retrieve Spanner credentials?
A . Configure the appropriate service accounts, and use Workload Identity to run the pods.
B . Store the application credentials as Kubernetes Secrets, and expose them as environment variables.
C . Configure the appropriate routing rules, and use a VPC-native cluster to directly connect to the database.
D . Store the application credentials using Cloud Key Management Service, and retrieve them whenever a database connection is made.

Answer: A

Explanation:

https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments