Which option can not keep secrets out of Terraform configuration files?
Which option can not keep secrets out of Terraform configuration files?
Marking the variable as sensitive does not keep secrets out of Terraform configuration files. It only ensures that the sensitive data is not displayed in the output or logs when running Terraform commands. The other options (a shared credential file, environment variables, and using the -var flag) are methods that can be used to keep secrets out of the configuration files.
Question is about whether the sensitive values will be in terraform config files NOT about the state file. so B
B is the right answer
Marking a variable as sensitive doesn't encourage it to be kept out of the terraform files. It will only be omitted in stout or logs when the terraform command is run
A. A shared credential file. A shared credential file typically contains sensitive information and would be part of the configuration files or accessible in some manner, making it less secure for keeping secrets. The other options (marking variables as sensitive, using environment variables, and the -var flag) can help manage sensitive values without exposing them in configuration files.
Chatgpt Terraform configuration files contain the infrastructure code that can include sensitive data, such as API keys and credentials. There are multiple ways to keep these secrets safe: A. Shared credential file: This option is not a secure way to keep secrets, as the credential files are often stored in plaintext, which exposes sensitive information. B. Mark the variable as sensitive: This is a secure method to ensure that Terraform handles sensitive data properly. When variables are marked as "sensitive," their values will not be displayed in the output. C. Environment Variables: Environment variables are commonly used to store secrets securely. They prevent the secrets from appearing in the code or Terraform configuration files. D. -var flag: This allows variables to be passed directly via the command line. However, this is not a secure method because the values can be seen in command history or process logs. Answer: A. Shared credential file does not prevent secrets from appearing in Terraform configuration files.
Marking a variable as sensitive in Terraform prevents its value from being displayed in the CLI output, but it does not keep the secret out of Terraform configuration files or the state file. Sensitive variables are still stored in plaintext within the Terraform state file, making them accessible unless additional measures are taken to secure the state file.