Question 9
Domain 4: Minimize Microservice VulnerabilitiesA team wants to store Kubernetes secret manifests in a GitOps repository while reducing the risk of exposing plaintext secret values in version control. Which tool is specifically intended for this GitOps secret-management use case?
Correct answer: A
Explanation
For GitOps workflows, use tools designed to keep secret data protected while storing manifests in version control, such as Sealed Secrets or SOPS. — cks_syllabus.txt
Why each option is right or wrong
A. Sealed Secrets
The source material explicitly lists Sealed Secrets under "Sealed Secrets, SOPS for GitOps secrets," identifying it as a tool used for managing secrets in GitOps workflows.
B. ConfigMap
ConfigMap is for non-secret configuration data, not a GitOps secret-protection tool.
C. Horizontal Pod Autoscaler
Horizontal Pod Autoscaler manages scaling behavior, not secret storage for GitOps repositories.
D. NetworkPolicy
NetworkPolicy controls pod traffic flow, not encryption or protection of secrets in GitOps.