Certified Kubernetes Application Developer (CKAD) Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Kubernetes Application Developer (CKAD) Exam. Gain confidence with flashcards and multiple-choice questions, complete with hints and explanations. Achieve your certification with ease!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

What is the method used to encrypt secrets at rest in Kubernetes?

Using Docker
Using config maps
Using etcd
Using external storage

The correct answer is: Using etcd

The correct answer is that secrets in Kubernetes are encrypted at rest primarily using etcd. Kubernetes stores its configuration data, including secrets, in etcd, which is a key-value store. While etcd alone does not inherently encrypt the data it holds, Kubernetes allows you to enable encryption of secrets before they are stored in etcd. This is done through configuring encryption at rest in the Kubernetes API server. When this feature is enabled, any secrets created or modified in the cluster are encrypted using specified encryption providers and then stored in etcd. This ensures that sensitive data remains secure, even if an unauthorized party gains access to the etcd data store. Using Docker, config maps, or external storage does not directly relate to the encryption of secrets at rest within the Kubernetes ecosystem. Docker is primarily concerned with containerization and does not handle secrets management specifically. Config maps are used for storing non-sensitive configuration data, while external storage systems could be used for persistent storage, but they do not directly facilitate the encryption of Kubernetes secrets by themselves. Thus, etcd is the fundamental component related to the storage and encryption of secrets in Kubernetes.