Question 31
Domain 4: Minimize Microservice VulnerabilitiesA platform team wants to store Kubernetes secret manifests in a GitOps repository without committing plaintext secret values. Which tool is specifically intended to let teams commit encrypted Kubernetes secrets to Git and later decrypt them for use in the cluster?
Correct answer: A
Explanation
For GitOps workflows, use tools designed to keep secret values encrypted in version control and decrypt them only when applied or consumed by the cluster. — cks_syllabus.txt
Why each option is right or wrong
A. Sealed Secrets
The source material explicitly lists Sealed Secrets under GitOps secrets, identifying it as a tool for managing encrypted secrets in GitOps workflows for Kubernetes.
B. ConfigMap
ConfigMap stores configuration data, not encrypted secrets for GitOps secret management.
C. Ingress
Ingress manages external access to services, not secret encryption or GitOps secret storage.
D. Namespace
Namespace provides logical isolation for resources, not encrypted secret handling in GitOps.