A company uses Amazon Elastic Kubernetes Service (Amazon EKS) for a containerized application that stores sensitive values in Kubernetes secrets. The company wants the secrets encrypted with the LEAST operational overhead. Which solution meets this requirement?
Choose an answer
Tap an option to check your answer.
Correct answer: Enable secrets encryption in the EKS cluster by using AWS Key Management Service (AWS KMS)..
Why this is the answer
Enabling secrets encryption in the EKS cluster using AWS KMS is the most straightforward and least operationally intensive solution. This feature directly integrates with EKS, allowing Kubernetes secrets to be encrypted at rest using a customer master key (CMK) in KMS. This offloads the encryption management to AWS, minimizing the operational burden on the company. Using the container application to encrypt information would require modifying application code and managing encryption/decryption logic within the application, increasing development and operational overhead. Implementing an AWS Lambda function for encryption would add another layer of complexity and management, as the Lambda function would need to be triggered and integrated with the secret creation process. Using AWS Systems Manager Parameter Store is a viable option for storing secrets, but it would require migrating existing Kubernetes secrets to Parameter Store and modifying the application to retrieve them from there, which is a higher operational overhead than simply enabling EKS secrets encryption.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed