A cybersecurity analyst is reviewing static application security testing scan results and notices a finding for hard-coded credentials. Which of the following should the analyst recommend to the application team to resolve this concern?

While privileged access management is crucial for controlling and monitoring access to critical systems and data, it does not directly address the issue of hard-coded credentials in the application code. Privileged access management focuses more on managing user access rights and permissions rather than securing embedded credentials.

Single sign-on (SSO) simplifies user authentication processes by allowing users to access multiple applications with a single set of credentials. However, enabling SSO does not inherently resolve the problem of hard-coded credentials within the application code. SSO focuses on user authentication and authorization, not on securing embedded credentials.

Obfuscating API keys can help make them less visible in the code and deter casual attackers. However, obfuscation alone is not a robust solution for addressing hard-coded credentials. While it adds a layer of security through obscurity, it does not eliminate the fundamental issue of storing sensitive credentials directly in the code.