Which option can not keep secrets out of Terraform configuration files?
Which option can not keep secrets out of Terraform configuration files?
Marking the variable as sensitive does not keep secrets out of Terraform configuration files. It only ensures that the sensitive data is not displayed in the output or logs when running Terraform commands. The other options (a shared credential file, environment variables, and using the -var flag) are methods that can be used to keep secrets out of the configuration files.
B is the right answer
Marking a variable as sensitive doesn't encourage it to be kept out of the terraform files. It will only be omitted in stout or logs when the terraform command is run
Question is about whether the sensitive values will be in terraform config files NOT about the state file. so B