You want to use API tokens and other secrets within your team's Terraform workspaces. Where does HashiCorp recommend you store these sensitive values? (Pick 3)
A.
In a plaintext document on a shared drive.
B.
In a terraform.tfvars file, checked into version control.
C.
In a terraform.tfvars file, securely managed and shared with your team.
D.
In an HCP Terraform/Terraform Cloud variable, with the sensitive option checked.
C. terraform.tfvars securely managed: Acceptable if distributed securely outside version control.
D. HCP Terraform/Terraform Cloud sensitive variables: Official best practice for team-based workflows.
E. Vault: HashiCorp Vault is designed for secret management and integrates well with Terraform.
Analysis of Incorrect Options:
A: Storing plaintext secrets on shared drives is insecure.
B: Checking secrets into version control is a major security risk.
Key Concept:Sensitive values should be managed securely in Vault, HCP Terraform, or securely shared .tfvars files — never in plaintext or version control.
[Reference:Terraform Exam Objective – Use Terraform to Manage Infrastructure., , ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit