
To ensure that sensitive, temporary data within a container is never written to the host's disk but resides only in memory, what type of mount should be used?



To ensure that sensitive, temporary data within a container is never written to the host's disk but resides only in memory, a `tmpfs` mount should be used.

A `tmpfs` mount, which stands for "temporary file system," is a type of filesystem that resides entirely in the host's volatile memory, specifically Random Access Memory (RAM). When a `tmpfs` mount is created for a container, any data written to that specific mount point within the container is stored directly in the host machine's RAM, not on its persistent storage devices like hard disk drives or solid-state drives. This means that the data is never committed to the host's physical disk.

Because RAM is volatile memory, meaning it requires power to maintain the stored information, all data within a `tmpfs` mount is automatically cleared and irretrievably lost when the container stops, the `tmpfs` mount is unmounted, or the host system reboots. This characteristic directly fulfills the requirement for temporary, sensitive data to exist only in memory without leaving any trace on disk.

For example, in container tools like Docker, one would specify a `tmpfs` mount using options such as `--tmpfs /path/in/container` or by defining a mount with `type=tmpfs`.
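
A way to verify the mount described above from inside a running container, as an added example that is not part of the original page: it reads a `/proc/mounts`-format file and reports whether the directory holding the sensitive data is really backed by `tmpfs` rather than the container's writable layer. It goes one step beyond the text by also checking `/proc/swaps`, because the Linux kernel may page `tmpfs` contents out to swap on a host that has swap enabled. The function names and the sample mount and swap tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a secrets directory is really on tmpfs.
# Function names and sample data are constructed for illustration.

# Print the filesystem type of the mount covering PATH: the longest matching
# mount point in a /proc/mounts-format file (later entries win ties).
fstype_for() {
    awk -v p="$1" '
        { mp = $2
          if ((mp == "/" || p == mp || index(p, mp "/") == 1) &&
              length(mp) >= best) { best = length(mp); fs = $3 } }
        END { if (fs == "") exit 1; print fs }
    ' "${2:-/proc/self/mounts}"
}

# Succeed if a /proc/swaps-format file lists any swap area (line 1 is a header).
swap_active() {
    awk 'NR > 1 { found = 1 } END { exit !found }' "${1:-/proc/swaps}"
}

# 0 = tmpfs, no swap; 1 = not tmpfs (writes can reach disk); 2 = tmpfs, swap on.
check_secret_dir() {
    fs=$(fstype_for "$1" "${2:-/proc/self/mounts}") || return 1
    [ "$fs" = "tmpfs" ] || return 1
    if swap_active "${3:-/proc/swaps}"; then return 2; fi
    return 0
}

# Constructed sample: mount table of a container started with --tmpfs /run/secrets.
sample_mounts() {
    cat <<'EOF'
overlay / overlay rw,relatime,lowerdir=/l,upperdir=/u,workdir=/w 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev tmpfs rw,nosuid,size=65536k,mode=755 0 0
tmpfs /run/secrets tmpfs rw,nosuid,nodev,noexec,relatime 0 0
EOF
}
sample_swaps_off() { printf 'Filename\tType\tSize\tUsed\tPriority\n'; }
sample_swaps_on() { sample_swaps_off; printf '/dev/sda2\tpartition\t2097148\t0\t-2\n'; }

# Demo on the constructed data; on a real system run: check_secret_dir /run/secrets
d=$(mktemp -d)
sample_mounts > "$d/mounts"; sample_swaps_on > "$d/swaps"
check_secret_dir /run/secrets/db.key "$d/mounts" "$d/swaps" && rc=0 || rc=$?
echo "exit status: $rc"
rm -rf "$d"
```

Called with only a path, `check_secret_dir` reads the live `/proc/self/mounts` and `/proc/swaps`, so it can run as a container start-up check before any secret is written.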