IntermediatePhone
2 min
Secrets Management in CI/CD
SecurityCI/CDDevOps
Advertisement
Interview Question
What are best practices for managing secrets (API keys, tokens) in CI/CD pipelines?
Key Points to Cover
- Use secret managers or CI secret stores (not plain env files)
- Limit scope/TTL; rotate regularly; least privilege
- Avoid printing secrets; enable masking and audit
Evaluation Rubric
Recommends secure storage/manager40% weight
Explains rotation/least privilege35% weight
Mentions masking/audit practices25% weight
Hints
- 💡HashiCorp Vault, AWS Secrets Manager, GitHub Actions secrets.
Potential Follow-up Questions
- ❓How do you handle PR builds from forks?
- ❓What is OIDC for cloud creds?
Advertisement