Skip to Content

DVA-C02: How to Manage API Keys Securely with AWS Secrets Manager

Learn how to use AWS Secrets Manager to store and retrieve API keys securely for your applications. Compare different solutions and understand the benefits of using AWS Secrets Manager over other options.

Question

A company wants to share information with a third party. The third party has an HTTP API endpoint that the company can use to share the information. The company has the required API key to access the HTTP API.

The company needs a way to manage the API key by using code. The integration of the API key with the application code cannot affect application performance.

Which solution will meet these requirements MOST securely?

A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

B. Store the API credentials in a local code variable. Push the code to a secure Git repository. Use the local code variable at runtime to make the API call.

C. Store the API credentials as an object in a private Amazon S3 bucket. Restrict access to the S3 object by using IAM policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

D. Store the API credentials in an Amazon DynamoDB table. Restrict access to the table by using resource-based policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

Answer

A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

Explanation

The correct answer is A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

To manage the API key by using code, the company should use AWS Secrets Manager, which is a service that helps to securely store and retrieve secrets, such as passwords, API keys, and tokens. AWS Secrets Manager also supports automatic rotation of secrets, which can enhance security and compliance.

The other options are incorrect for the following reasons:

  • Option B is incorrect because storing the API credentials in a local code variable is not secure. Anyone who has access to the code or the Git repository can see the API key in plain text. This can expose the company to unauthorized access or data breaches.
  • Option C is incorrect because storing the API credentials as an object in a private Amazon S3 bucket is not the best option. Although S3 can encrypt and restrict access to objects, it does not provide any built-in mechanism for rotating or retrieving secrets. The company would have to implement additional logic and policies to manage the API key lifecycle.
  • Option D is incorrect because storing the API credentials in an Amazon DynamoDB table is not the best option. Although DynamoDB can encrypt and restrict access to data, it does not provide any built-in mechanism for rotating or retrieving secrets. The company would have to implement additional logic and policies to manage the API key lifecycle.

The latest AWS Certified Developer – Associate DVA-C02 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Developer – Associate DVA-C02 exam and earn AWS Certified Developer – Associate DVA-C02 certification.

AWS Certified Developer - Associate DVA-C02 Exam Questions and Answers

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.