Linux Foundation Exam CKS Topic 1 Question 54 Discussion

Actual exam question for Linux Foundation's CKS exam

Question #: 54
Topic #: 1

[All CKS Questions]

Secrets stored in the etcd is not secure at rest, you can use the etcdctl command utility to find the secret value

for e.g:-

ETCDCTL_API=3 etcdctl get /registry/secrets/default/cks-secret --cacert="ca.crt" --cert="server.crt" --key="server.key"

Output

Using the Encryption Configuration, Create the manifest, which secures the resource secrets using the provider AES-CBC and identity, to encrypt the secret-data at rest and ensure all secrets are encrypted with the new configuration.

AExplanation:
ETCD secret encryption can be verified with the help ofetcdctlcommand line utility.
ETCD secrets are stored at the path/registry/secrets/$namespace/$secreton the master node.
The below command can be used to verify if the particular ETCD secret is encrypted or not.
# ETCDCTL_API=3 etcdctl get /registry/secrets/default/secret1 [...] | hexdump -C

Show Suggested Answer

Suggested Answer: A

by Frederic at May 11, 2024, 07:06 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Celestina

1 days ago

Yes, we can use the etcdctl command utility to find the secret value.

upvoted 0 times

...

Samira

5 days ago

I think storing secrets in etcd is not secure at rest.

upvoted 0 times

...