CI/CD Pipeline Security
OIDC authentication, secrets management, SLSA provenance, minimal permissions, supply chain security
1What is OIDC (OpenID Connect) in the context of CI/CD pipelines?
What is OIDC (OpenID Connect) in the context of CI/CD pipelines?
Відповідь
OIDC is an authentication protocol that allows CI/CD pipelines to authenticate with cloud providers without using static secrets. Instead of storing long-lived credentials, the pipeline exchanges a signed JWT token for temporary credentials. This approach eliminates risks associated with storing and rotating secrets, while providing better traceability through token claims that precisely identify the workflow and repository.
2What is the main advantage of External Secrets Operator in Kubernetes?
What is the main advantage of External Secrets Operator in Kubernetes?
Відповідь
External Secrets Operator automatically synchronizes secrets from external managers (Vault, AWS Secrets Manager, Azure Key Vault) into native Kubernetes Secrets. This approach centralizes secret management in a dedicated system while allowing applications to consume secrets in a standard way. It also facilitates automatic secret rotation and avoids storing sensitive credentials directly in Kubernetes manifests or Git repositories.
3What does the principle of least privilege mean in the context of CI/CD pipelines?
What does the principle of least privilege mean in the context of CI/CD pipelines?
Відповідь
The principle of least privilege consists of granting pipelines only the permissions strictly necessary to accomplish their tasks. For example, a build pipeline should only have read rights on source code, while a deployment pipeline would only access resources in the target environment. This approach limits damage in case of pipeline compromise and reduces the overall attack surface of the infrastructure.
What is an SBOM (Software Bill of Materials)?
Why use HashiCorp Vault rather than environment variables to store secrets?
+17 питань зі співбесід
Інші теми співбесід DevOps
Version Control & Git
Linux Fundamentals
Shell Scripting & Bash
Networking Basics
Docker Fundamentals
CI/CD Fundamentals
GitHub Actions
GitLab CI/CD
Jenkins
Kubernetes Basics
Kubernetes Networking
Kubernetes Advanced
Ingress & API Gateway
Terraform Basics
Terraform Advanced
Ansible & Configuration Management
AWS Essentials
Azure Fundamentals
GCP Fundamentals
Monitoring & Prometheus
Logging & ELK Stack
Alerting & Incident Response
Cloud Identity & Secrets
Helm & Kubernetes
Runtime & Cluster Security
Container Supply Chain Security
Service Mesh & Istio
GitOps & ArgoCD
Progressive Delivery
Distributed Observability
Disaster Recovery & Backup
Performance Optimization
Cloud Cost Optimization
SRE Principles
Chaos Engineering
Platform Engineering
Опануй DevOps для наступної співбесіди
Отримай доступ до всіх питань, flashcards, технічних тестів, вправ code review та симуляторів співбесід.
Почни безкоштовно