Which of the following best describes Docker secrets?

Docker secrets are designed to manage sensitive information such as passwords, API keys, and certificates securely. This secure handling is crucial in multi-container applications where sensitive information needs to be shared without exposing it in the codebase or environment variables. By utilizing Docker secrets, this information is encrypted and only accessible to specific services, ensuring that even if a container is compromised, the sensitive information remains protected.

This approach mitigates risks associated with exposing sensitive data, as it is handled in a more secure manner compared to how other choices might suggest managing data. For instance, temporary storage for logs does not pertain to the security of sensitive information but rather deals with application monitoring and troubleshooting. User-defined variables are more about customizing the application environment rather than securely storing secrets. Snapshots of container states refer to the system's state at a particular point in time and are not directly related to the safeguarding of sensitive credentials.