Exam Terraform Associate topic 1 question 308 discussion

Chatgpt Terraform configuration files contain the infrastructure code that can include sensitive data, such as API keys and credentials. There are multiple ways to keep these secrets safe: A. Shared credential file: This option is not a secure way to keep secrets, as the credential files are often stored in plaintext, which exposes sensitive information. B. Mark the variable as sensitive: This is a secure method to ensure that Terraform handles sensitive data properly. When variables are marked as "sensitive," their values will not be displayed in the output. C. Environment Variables: Environment variables are commonly used to store secrets securely. They prevent the secrets from appearing in the code or Terraform configuration files. D. -var flag: This allows variables to be passed directly via the command line. However, this is not a secure method because the values can be seen in command history or process logs. Answer: A. Shared credential file does not prevent secrets from appearing in Terraform configuration files.

A. A shared credential file. A shared credential file typically contains sensitive information and would be part of the configuration files or accessible in some manner, making it less secure for keeping secrets. The other options (marking variables as sensitive, using environment variables, and the -var flag) can help manage sensitive values without exposing them in configuration files.

B is the right answer

Question is about whether the sensitive values will be in terraform config files NOT about the state file. so B

Marking a variable as sensitive doesn't encourage it to be kept out of the terraform files. It will only be omitted in stout or logs when the terraform command is run