Which TWO of the following are valid approaches to manage secrets in a Kubernetes cluster?
This is a best practice; secrets are mounted as files.
Why this answer
Mounting secrets as volumes and using an external secrets manager like HashiCorp Vault are both valid. Storing in ConfigMap is insecure because ConfigMaps are not encrypted. Embedding in YAML is insecure.
Using environment variables is less secure than volumes.