Your organization is developing serverless applications with Oracle Functions. Many of these functions will need to store state data in a database which will require the use of appropriate credentials. However, your corporate security standards mandate the encryption of secret information, such as database passwords.
As a solutions architect, which approach would you direct your team to follow to satisfy this security requirement?
To satisfy the security requirement of encrypting secret information such as database passwords, you should use the OCI Vault service to encrypt the password and then decrypt it in your function code with the generated key. This ensures that the sensitive data is securely stored and managed according to corporate security standards, reducing the risk of unauthorized access or exposure.
answer b is correct.
The provided answer C, is correct. Create a KMS vault Create a Master Encryption Key Generate a Data Encryption Key (DEK) from the Master Encryption Key Use the DEK "plaintext" return value to encrypt the "sensitive value" (offline) Store the encrypted "sensitive value" as a config variable in the serverless application Store the DEK ciphertext and the initVector used to encrypt the "sensitive value" as Function config variables Within the function, decrypt the DEK ciphertext back into "plaintext" using the OCID and Cryptographic Endpoint by invoking the OCI KMS SDK Decrypt the "sensitive value" using the decrypted DEK "plaintext" and the initVector https://blogs.oracle.com/developers/oracle-functions-using-key-management-to-encrypt-and-decrypt-configuration-variables https://www.ateam-oracle.com/secure-storage-of-confidential-configuration-data-in-oracle-functions-using-oracle-oci-key-management-services