Terraform Associate Exam

Exam Terraform Associate All QuestionsBrowse all questions from this exam

Go to Exam

Question 71

Your security team scanned some Terraform workspaces and found secrets stored in a plaintext in state files.

How can you protect sensitive data stored in Terraform state files?

Delete the state file every time you run Terraform

Store the state in an encrypted backend

Edit your state file to scrub out the sensitive data

Always store your secrets in a secrets.tfvars file.

Correct Answer: B

Reference:

https://www.terraform.io/docs/language/state/sensitive-data.html

Discussion

Ni33Option: D

Why not D? Setting values with a .tfvars file allows you to separate sensitive values from the rest of your variable values, and makes it clear to people working with your configuration which values are sensitive. However, it requires that you maintain and share the secret.tfvars file with only the appropriate people. You must also be careful not to check .tfvars files with sensitive values into version control.

DKwork

It cannot be D because the problem is that the secrets are plaintext within your secrets.tfvars file. Think about how you would secure that secrets.tfvars within your group of appropriate people

joyboy23

Wouldn't it still be rendered as plain text in your state files ?

Chrisler

I disagree, setting values with a .tfvar file is also an option but least recommended. Securing your state file by encryption would only give access to the person or a team that needs it.

campsOption: B

B. Store the state in an encrypted backend. Terraform state files can contain sensitive information such as access keys, passwords, and private keys. To protect this information from unauthorized access, it is important to store the state file securely.

eduvar4Option: B

https://developer.hashicorp.com/terraform/language/state/sensitive-data

Ahmad_TerraformOption: B

B store in encrypted backend , E.g S3

EltoothOption: B

B is correct answer : Store in encrypted backend.

gofavad926Option: B

B, got answer: To protect sensitive data stored in Terraform state files, you should use an encrypted backend. Storing state in an encrypted backend helps secure sensitive information, such as secrets and access keys, that might be present in the state file. This prevents unauthorized access to sensitive data. D. Always store your secrets in a secrets.tfvars file: Storing secrets in separate variable files is a common practice, but it doesn't directly address the security of the Terraform state. Even if secrets are in a separate file, protecting the state file is still important.

aanataliyaOption: B

Confusion between B and D? Check this. Terraform will still record sensitive values in the state, and so anyone who can access the state data will have access to the sensitive values in cleartext Ref: https://developer.hashicorp.com/terraform/language/values/variables#suppressing-values-in-cli-output Variables in any file is still stored in state as plaintext. So D cannot be correct answer. Please vote for correct answer to help others.

NashPOption: B

B. Store the state in an encrypted backend Explanation: Storing the Terraform state in an encrypted backend is the recommended approach to protect sensitive data. Terraform supports various backends, and using an encrypted backend ensures that the state file is encrypted at rest, adding an extra layer of security.

shefulacertificariOption: B

B is the answer.

Power123Option: B

B is correct

vadeemkaaOption: B

Definitely B

nakikooOption: B

agreeee