You're building a CI/CD (continuous integration/ continuous delivery) pipeline and need to inject sensitive variables into your Terraform run.
How can you do this safely?
You're building a CI/CD (continuous integration/ continuous delivery) pipeline and need to inject sensitive variables into your Terraform run.
How can you do this safely?
The safest way to handle sensitive variables in a CI/CD pipeline is to pass them to Terraform using the -var flag. This practice allows you to supply the values of sensitive variables at runtime, avoiding hardcoding them directly into the Terraform code or storing them in insecure locations such as a source code repository. For even greater security, you can use environment variables or secret management tools supported by your CI/CD platform to pass these values without exposing them.
The safest method to inject sensitive variables into your Terraform run in a CI/CD pipeline is: A. Pass variables to Terraform with a -var flag. When running Terraform in your CI/CD pipeline, you would pass the sensitive variables like this: terraform apply -var="database_password=mysecretpassword" -var="api_key=1234567890abcdef" For enhanced security, in a CI/CD environment, you'd typically use environment variables or secret management tools that are supported by your CI/CD platform to pass these sensitive values, so they are never exposed in logs or stored in insecure locations. For instance, using environment variables: export TF_VAR_database_password=mysecretpassword export TF_VAR_api_key=1234567890abcdef terraform apply
Definitely A.
The safest option among the choices provided is to use the -var flag to pass sensitive variables to Terraform. This allows you to provide variable values at runtime without hardcoding them directly into the Terraform code or exposing them in the source code repository.
A is correct answer : -var See Topic 1 # Question 43 https://blog.gruntwork.io/a-comprehensive-guide-to-managing-secrets-in-your-terraform-code-1d586955ace1
A. Pass variables to Terraform with a "var" flag. When running Terraform in a CI/CD pipeline, it is important to securely pass sensitive variables to Terraform. One way to pass sensitive variables to Terraform is to use the -var flag to supply the value of the variable at runtime.
A is the answer
Obviously A
https://developer.hashicorp.com/terraform/language/values/variables
Shouldn't this be A? Making variables part of the code just doesn't sound right.
I would choose A as well
Should be A; definitely not the option provided
A sounds right
I too would go with A
I vote A
A= correct Var
A for sure
A is correct
https://developer.hashicorp.com/terraform/language/values/variables
A is a correct answer Reference: https://developer.hashicorp.com/terraform/language/values/variables
A is correct
I see that is A but since its on B. Will it be B on the exam? Or that option, even though everyone is on A. Just curious.
The answers on here aren't always correct. Typically go with the highest rated one
A is Correct for passing sensitive vars to CI/CD