Q80 — AWS DVA-C02 Ch.3
Question 80 of 100 | ← Chapter 3
A company needs to share information with a partner. The partner exposes an HTTP API endpoint, and the company uses an API key to access it. The company requires a secure method to manage the API key in code, ensuring API key integration with the application code does not impact application performance. Which solution most securely meets these requirements?
- A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime using the AWS SDK. Use the credentials for API calls. ✓
- B. Store API credentials in local code variables. Push the code to a secure Git repository. Use the local code variables for API calls at runtime.
- C. Store API credentials as objects in a private Amazon S3 bucket. Restrict access to the S3 object using IAM policies. Retrieve the API credentials at runtime using the AWS SDK. Use the credentials for API calls.
- D. Store API credentials in an Amazon DynamoDB table. Restrict access to the table using resource-based policies. Retrieve the API credentials at runtime using the AWS SDK. Use the credentials for API calls.
Correct Answer: A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime using the AWS SDK. Use the credentials for API calls.
Explanation
Storing API keys in source control (Option B) is insecure and violates security best practices. While Options C and D provide storage mechanisms, they lack native secret rotation, audit logging, and fine-grained access controls inherent to dedicated secret management services. AWS Secrets Manager is purpose-built for secure credential storage, offering automatic rotation, encryption at rest and in transit, granular IAM permissions, and audit trails via AWS CloudTrail—all without impacting application performance due to efficient SDK caching and low-latency retrieval. Thus, Option A is the most secure and appropriate solution. 【Provided by Lantern Certification: swufelp1999】