1. Secrets Management
Question: How do you handle secrets in a CI/CD pipeline?
Never store secrets in code. Use environment variables injected by the CI system (e.g., GitHub Actions Secrets, Jenkins Credentials) or fetch them from a secrets manager (Vault, AWS Secrets Manager) at runtime.
2. Container Security
Question: How do you secure a Docker container?
Use minimal base images (Alpine/Distroless), run as a non-root user, scan images for vulnerabilities, limit resources (CPU/RAM), and use read-only filesystems where possible.