A company has hired a third party to develop software as part of its strategy to be quicker to market. The company's policy outlines the following requirements:...

A company has hired a third party to develop software as part of its strategy to be quicker to market. The company's policy outlines the following requirements:
- The credentials used to publish production software to the container registry should be stored in a secure __cpLocation.
- Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.
Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?