You are developing a serverless application with Oracle Functions. Your function needs to store state

You are developing a serverless application with Oracle Functions. Your function needs to store state in a database. Your corporate security Standards mandate encryption of secret information like database passwords.
As a function developer, which approach should you follow to satisfy this security requirement?

A. Use the Oracle Cloud Infrastructure Console and enter the password in the function configuration section in the provided input field.

B. Use Oracle Cloud Infrastructure Key Management to auto-encrypt the password. It will inject the auto-decrypted password inside your function container.

C. Encrypt the password using Oracle Cloud Infrastructure Key Management. Decrypt this password in your function code withthe generated key.

D. All function configuration variables are automatically encrypted by Oracle Functions.

Correct Answer: C

Explanation
Oracle Functions: Using Key Management To Encrypt And Decrypt Configuration Variables Since this process involves multiple steps, I thought it would be helpful to give you an outline of the steps that we’re going to take:
Create a KMS vault
Create a Master Encryption Key
Generate a Data Encryption Key
Use the DEK plaintext return value to encrypt the sensitive value (offline) Store the encrypted sensitive value as a config variable in the serverless application Store the DEK ciphertext and the initVector used to encrypt the sensitive value as Function config variables Within the function, decrypt theDEK ciphertext back into plaintext using the OCID and Cryptographic Endpoint by invoking the OCI KMS SDK Decrypt the sensitive value using the decrypted DEK plaintext and the initVector

References:
https://blogs.oracle.com/developers/oracle-functions-using-key-management-to-encrypt-and-decrypt-configuratio
https://docs.oracle.com/en/database/other-databases/essbase/19.3/essad/encrypt-values-using-kms.html