Security requirements demand that no secrets appear in the shell history.
Which command does not meet this requirement?
A. generate-password | vault kv put secret/password value
B. vault kv put secret/password value-itsasecret
C. vault kv put secret/password value=@data.txt
D. vault kv put secret/password value-SSECRET_VALUE
Answer: B
Explanation:
The command that does not meet the security requirement of not having secrets appear in the shell history is B. vault kv put secret/password value-itsasecret. This command would store the secret value “itsasecret” in the key/value secrets engine at the path secret/password, but it would also expose the secret value in the shell history, which could be accessed by other users or malicious actors. This is not a secure way of storing secrets in Vault.
The other commands are more secure ways of storing secrets in Vault without revealing them in the
shell history.
A. generate-password | vault kv put secret/password value would use a pipe to pass the
output of the generate-password command, which could be a script or a tool that generates a
random password, to the vault kv put command, which would store the password in the key/value
secrets engine at the path secret/password. The password would not be visible in the shell history,
only the commands.
C. vault kv put secret/password value=@data.txt would use the @ syntax to
read the secret value from a file named data.txt, which could be encrypted or protected by file
permissions, and store it in the key/value secrets engine at the path secret/password. The file name
would be visible in the shell history, but not the secret value.
D. vault kv put secret/password value-
SSECRET_VALUE would use the -S syntax to read the secret value from the environment variable
SECRET_VALUE, which could be set and unset in the shell session, and store it in the key/value
secrets engine at the path secret/password. The environment variable name would be visible in the
shell history, but not the secret value.
Reference: [Write Secrets | Vault | HashiCorp Developer]
Latest VA-002-P Dumps Valid Version with 200 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund