Linux Foundation Exam CKS Topic 1 Question 54 Discussion

Actual exam question for Linux Foundation's CKS exam

Question #: 54
Topic #: 1

[All CKS Questions]

Secrets stored in the etcd is not secure at rest, you can use the etcdctl command utility to find the secret value

for e.g:-

ETCDCTL_API=3 etcdctl get /registry/secrets/default/cks-secret --cacert="ca.crt" --cert="server.crt" --key="server.key"

Output

Using the Encryption Configuration, Create the manifest, which secures the resource secrets using the provider AES-CBC and identity, to encrypt the secret-data at rest and ensure all secrets are encrypted with the new configuration.

AExplanation:
ETCD secret encryption can be verified with the help ofetcdctlcommand line utility.
ETCD secrets are stored at the path/registry/secrets/$namespace/$secreton the master node.
The below command can be used to verify if the particular ETCD secret is encrypted or not.
# ETCDCTL_API=3 etcdctl get /registry/secrets/default/secret1 [...] | hexdump -C

Show Suggested Answer

Suggested Answer: A

by Frederic at May 11, 2024, 07:06 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Reed

24 days ago

Well, at least they're not asking us to do a barrel roll in the middle of the exam. Although, that would probably be more fun than trying to secure those etcd secrets.

upvoted 0 times

Rupert

1 days ago

I agree, securing etcd secrets can be quite challenging.

upvoted 0 times

...

Beata

1 months ago

Ah, the joys of working with sensitive data. Gotta love how they give you the exact command to reveal the secrets. It's like they want us to become master hackers or something!

upvoted 0 times

Emmett

22 days ago

User 2

upvoted 0 times

...

Stevie

26 days ago

User 1

upvoted 0 times

...

Antonette

1 months ago

Hmm, I'm not sure I'd want to be running that etcdctl command on my production cluster. Sounds like a good way to get caught by the security police!

upvoted 0 times

...

Truman

1 months ago

Encrypting the secrets at rest is crucial for security. I'm glad they're providing a step-by-step on how to set that up. Can't wait to try it out!

upvoted 0 times

...

Niesha

2 months ago

Whoa, that's a handy trick to check the secrets in etcd! But I wonder if there's a more secure way to manage those secrets, ya know, without exposing them in the clear.

upvoted 0 times