Securely Storing Credentials for Distributed Microservices

C.

When designing a distributed application with microservices, it is important to ensure that credentials for accessing the database back-end are stored securely. The storage location should be accessible by the microservices but not by anyone else who is unauthorized.

Out of the options provided, the best option for storing credentials securely is C: In a secret management system. A secret management system is a centralized system that stores and manages sensitive information, such as passwords, API keys, and certificates. This system provides a secure way to manage the credentials, which can be accessed by authorized microservices as needed.

Using A: In the source code, is not a secure way to store credentials because the source code can be accessed by anyone who has access to the code repository. This includes not only authorized developers but also potentially unauthorized users who have gained access to the repository.

Using B: In an environment variable, is better than storing the credentials in source code but still not as secure as using a secret management system. Environment variables can be accessed by any process running on the same machine, so if an attacker gains access to the machine, they could potentially access the credentials stored in environment variables.

Using D: In a config file that has restricted access through ACLs, is better than storing the credentials in source code or environment variables, but it still has limitations. While the access control list (ACL) can restrict access to the config file, it may not be as secure as using a secret management system. Additionally, managing access control lists for multiple microservices can become cumbersome and error-prone.

In summary, when storing credentials for distributed microservices, it is best to use a centralized secret management system that provides secure and controlled access to the credentials.