You should store secret data in the same version control repository as your Terraform configuration.

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the HashiCorp Terraform Associate Exam. Utilize flashcards and multiple-choice questions with detailed hints and explanations. Boost your confidence and be ready for success!

Multiple Choice

You should store secret data in the same version control repository as your Terraform configuration.

Explanation:
Storing secret data in the same version control repository as your Terraform configuration is not recommended. Repositories can be accessed by many people, copied, backed up, or unintentionally shared, and secret values can end up exposed through commit history or backups long after you’ve removed them from the code. The safer pattern is to keep secrets in a dedicated secret management system or in protected environment-specific files that are excluded from version control, and reference them in Terraform at runtime. For example, use a secrets manager (like Vault or cloud provider secret services) or inject secrets via environment variables or Terraform Cloud/Enterprise variable sets with the Sensitive flag. Marking variables as sensitive helps hide them in plan outputs, but it doesn’t prevent exposure if secrets are stored in state or logs, so keeping secrets out of the VCS is essential.

Storing secret data in the same version control repository as your Terraform configuration is not recommended. Repositories can be accessed by many people, copied, backed up, or unintentionally shared, and secret values can end up exposed through commit history or backups long after you’ve removed them from the code. The safer pattern is to keep secrets in a dedicated secret management system or in protected environment-specific files that are excluded from version control, and reference them in Terraform at runtime. For example, use a secrets manager (like Vault or cloud provider secret services) or inject secrets via environment variables or Terraform Cloud/Enterprise variable sets with the Sensitive flag. Marking variables as sensitive helps hide them in plan outputs, but it doesn’t prevent exposure if secrets are stored in state or logs, so keeping secrets out of the VCS is essential.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy