Which of the following is not considered a safe way to inject sensitive values into a Terraform Cloud workspace?
Which of the following is not considered a safe way to inject sensitive values into a Terraform Cloud workspace?
Editing the state file directly before running terraform apply is not considered a safe way to inject sensitive values into a Terraform Cloud workspace. Modifying the state file directly can lead to corruption and unpredictable behavior in your infrastructure management. Using the -var flag on the command line or specifying a variable file with the -var-file flag are more controlled and conventional methods of injecting values.
Choosing A as it is not right way to do it. Even though C is not preferred, I think you can do it as you are supplying it as a parameter during run and the file is local to the operator running the command and hence can delete it after that. Since we are talking about state being stored remotely, it works very much similar to option B.
A is not possible at all. The question is regarding which is “NOT” the safe way. By interpretation meaning possible but not recommended. The answer is suggests C.
The answer C. A is wrong for Terraform state, don't recommend to edit state file.
I agree, A is nonsense and B is a favored way, so C is the bad one
putting sensitive information in file and using that file whole terraform run is not a safe way !