Which option prevents sensitive values from appearing in logs or plans?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the HashiCorp Terraform Associate Exam. Utilize flashcards and multiple-choice questions with detailed hints and explanations. Boost your confidence and be ready for success!

Multiple Choice

Which option prevents sensitive values from appearing in logs or plans?

Explanation:
Controlling how Terraform reveals values in its output is about marking sensitive inputs. When you declare a variable and set sensitive = true, Terraform redacts the actual value in plan and apply output, so you won’t see the secret in the console or logs. This is the intended safeguard for secrets like passwords or API keys you pass into Terraform. The option to pass values with the -var flag is just a way to supply the value; if you provide secrets this way, they can still be exposed in your shell history or logs, defeating the purpose. Storing values in plaintext defeats the purpose as well. Using a local backend only changes where state is stored and does not affect how Terraform prints sensitive data in logs or plans. Therefore marking the variable as sensitive is the best way to prevent sensitive values from appearing in logs or plan output.

Controlling how Terraform reveals values in its output is about marking sensitive inputs. When you declare a variable and set sensitive = true, Terraform redacts the actual value in plan and apply output, so you won’t see the secret in the console or logs. This is the intended safeguard for secrets like passwords or API keys you pass into Terraform. The option to pass values with the -var flag is just a way to supply the value; if you provide secrets this way, they can still be exposed in your shell history or logs, defeating the purpose. Storing values in plaintext defeats the purpose as well. Using a local backend only changes where state is stored and does not affect how Terraform prints sensitive data in logs or plans. Therefore marking the variable as sensitive is the best way to prevent sensitive values from appearing in logs or plan output.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy