Which of these are secure options for storing secrets for connecting to a Terraform remote backend? (Choose two.)
Which of these are secure options for storing secrets for connecting to a Terraform remote backend? (Choose two.)
To securely store secrets for connecting to a Terraform remote backend, environment variables and variable files are appropriate methods. Environment variables allow secrets to be stored securely without being hardcoded into the configuration files. Variable files let you separate sensitive data from the main configuration, thus managing and securing them independently. Storing secrets directly inside the backend block or in connection configurations outside of Terraform could expose them within configuration files or external settings, which poses a security risk.
BC - 👍
The secure options for storing secrets for connecting to a Terraform remote backend are: B. Defined in Environment variables D. A variable file Environment variables provide a secure way to store sensitive information without exposing it directly in the code. Using a variable file allows for separate storage of sensitive data, which can be managed and secured independently from the Terraform configuration itself. Storing secrets inside the backend block or in a connection configuration outside of Terraform might expose sensitive information within the configuration files or external settings, which could pose a security risk.
BD. (B) clearly yes Now it comes down to between (C) and (D). (C) would not be appropriate because connection configurations deal with connections which are not directly relevant to the question. (D) is more relevant and correct because you can pass in your variable file on using the CLI which will allow your secrets to exist outside of the main code