InterviewStack.io LogoInterviewStack.io

Secrets and Sensitive Data Management Questions

Covers the practices, tools, and operational processes for securely storing, accessing, rotating, and protecting secrets and other sensitive data used by applications and infrastructure. Candidates should know centralized secret vaults such as HashiCorp Vault, Amazon Web Services Secrets Manager, Microsoft Azure Key Vault, and Google Secret Manager; strategies for automated and manual credential rotation including emergency rotation procedures; integration with continuous integration and continuous deployment pipelines and infrastructure as code; techniques to prevent secret leakage into source code repositories, logs, and monitoring systems; encryption of secrets at rest and in transit; application of least privilege and identity and access management roles for secret access; use of short lived and ephemeral credentials and service accounts as alternatives to long lived static credentials; audit logging, monitoring, and alerting for secret access and misuse; secret scanning, secure secret referencing patterns in code and templates, and operational plans for rotating credentials without downtime.

EasyTechnical
120 practiced
A junior engineer accidentally committed a file containing a password to a git repository. List immediate steps you would take to contain the leak, long-term process changes to prevent recurrence, and techniques/tools to detect leaked secrets proactively in repositories.
MediumTechnical
73 practiced
You discover that a production API key was leaked to a public paste site. Describe your emergency rotation procedure step-by-step: containment, validation, rotation, rolling updates, secrets revocation, communication, and post-incident actions to prevent recurrence.
MediumTechnical
116 practiced
Design a mechanism that prevents secrets from being stored in Terraform state files or CloudFormation templates in plain text for a large team. Describe tooling, guardrails, workflows for secret injection at apply-time, and how to handle sensitive outputs securely.
HardTechnical
84 practiced
You suspect an attacker exfiltrated secrets via application logs. Describe the forensic steps you would follow to confirm exfiltration, scope impacted secrets/services, contain the breach, rotate impacted credentials, and produce evidence for legal/audit purposes.
HardTechnical
75 practiced
As a Cloud Engineer leading a small team, describe how you would create and enforce developer workflows that secure secrets for local development, CI pipelines, and production. Cover developer onboarding, local secret injection, testing with fake secrets, secret approvals, and metrics to track compliance and developer friction.

Unlock Full Question Bank

Get access to hundreds of Secrets and Sensitive Data Management interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.