Which option cannot be used to keep secrets out of Terraform configuration files?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the HashiCorp Terraform Associate Exam. Utilize flashcards and multiple-choice questions with detailed hints and explanations. Boost your confidence and be ready for success!

Multiple Choice

Which option cannot be used to keep secrets out of Terraform configuration files?

Explanation:
In Terraform, you want to avoid placing secret values directly in configuration files and instead provide them at runtime or via external sources. The only option that would not help with that is a secure string, because it implies embedding the secret value as a literal string in the configuration. That would keep secrets in the code, defeating the goal of externalizing them. Environment variables and the -var flag are common ways to supply secrets without hardcoding them in .tf files, and providers can be configured to read credentials from environment variables or secret stores, further keeping secrets out of the configuration itself.

In Terraform, you want to avoid placing secret values directly in configuration files and instead provide them at runtime or via external sources. The only option that would not help with that is a secure string, because it implies embedding the secret value as a literal string in the configuration. That would keep secrets in the code, defeating the goal of externalizing them.

Environment variables and the -var flag are common ways to supply secrets without hardcoding them in .tf files, and providers can be configured to read credentials from environment variables or secret stores, further keeping secrets out of the configuration itself.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy