1 / 5
A reviewer says: 'Don't hardcode the API token — pull it from the secret store.' Why?
Hardcoded secrets leak into repos and logs; a secret store keeps them out of code and access-controlled.
2 / 5
CI 'masks' a secret in the logs. What does masking do?
Masking redacts secret values in build output so they don't appear in logs.
3 / 5
The pipeline follows 'least privilege' for its deploy token. What does that mean?
Least privilege grants only the permissions strictly required, limiting blast radius if compromised.
4 / 5
What is a 'short-lived' or 'ephemeral' credential?
Ephemeral credentials expire soon after issuance, shrinking the window an attacker could use them.
5 / 5
Which sentence correctly uses 'supply chain' security?
Software supply chain security guards the integrity of dependencies and build inputs against tampering.