Practice free →
HomeAzure AZ-204cloudcomputingaz204compute › An AKS cluster needs to give pods authenticated …

An AKS cluster needs to give pods authenticated access to Azure Key Vault WITHOUT mounting service-principal secrets in pods. Which configuration is BEST?

AHardcoding service-principal secrets in environment variables
BWorkload Identity on AKS — federates Kubernetes service accounts to Entra ID identities for short-lived token access
CGranting `Owner` at the subscription level to every pod
DDisabling RBAC on the cluster
Answer & Solution
Correct answer: B. Workload Identity on AKS — federates Kubernetes service accounts to Entra ID identities for short-lived token access
Workload Identity (AKS) federates K8s SAs to Entra and issues short-lived OIDC tokens — no static secrets in pods. The others are textbook security antipatterns.
Solve this in the app — Azure AZ-204 practice & 24k+ MCQs →
Related questions