0
0
Terraformcloud~20 mins

Sensitive output values in Terraform - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Sensitive Output Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
What happens when an output is marked as sensitive in Terraform?

Consider this Terraform output configuration:

output "db_password" {
  value     = aws_db_instance.example.password
  sensitive = true
}

What is the effect of setting sensitive = true on this output?

Terraform
output "db_password" {
  value     = aws_db_instance.example.password
  sensitive = true
}
ATerraform will hide the output value in the CLI and state files, preventing it from being displayed or logged.
BTerraform will encrypt the output value automatically in the cloud provider's console.
CTerraform will print the output value in plain text but mark it with a warning.
DTerraform will prevent the output from being used as an input to other modules.
Attempts:
2 left
💡 Hint

Think about what sensitive means for output visibility.

Configuration
intermediate
2:00remaining
Which Terraform output configuration correctly marks a secret as sensitive?

Choose the correct Terraform output block that marks the secret api_key as sensitive.

A
output "api_key" {
  value = var.api_key
  secret = true
}
B
output "api_key" {
  value = var.api_key
  sensitive = false
}
C
output "api_key" {
  value = var.api_key
  sensitive = true
}
D
output "api_key" {
  value = var.api_key
  hidden = true
}
Attempts:
2 left
💡 Hint

Check the exact attribute name Terraform uses for marking outputs sensitive.

Architecture
advanced
2:30remaining
How should sensitive outputs be handled in a multi-team Terraform environment?

You manage Terraform code used by multiple teams. Some outputs contain sensitive data like passwords or keys.

Which approach best protects sensitive outputs while allowing teams to use necessary information?

AStore sensitive outputs in plain text files alongside Terraform code for easy access.
BRemove sensitive outputs from Terraform and share secrets via email to teams.
CMark sensitive outputs as normal outputs and rely on team trust to not share them.
DMark sensitive outputs with <code>sensitive = true</code> and share the Terraform state file only with authorized teams.
Attempts:
2 left
💡 Hint

Think about controlling access to state files and output visibility.

security
advanced
2:30remaining
What is a limitation of marking outputs as sensitive in Terraform?

Consider marking outputs as sensitive in Terraform. Which of the following is a true limitation?

ASensitive outputs cannot be referenced by other modules once marked sensitive.
BSensitive outputs are still stored in plain text inside the Terraform state file unless additional encryption is applied.
CSensitive outputs automatically encrypt data at rest in the cloud provider.
DSensitive outputs prevent Terraform from applying changes to resources.
Attempts:
2 left
💡 Hint

Think about where Terraform stores output values and what sensitive controls.

Best Practice
expert
3:00remaining
Which practice best prevents accidental exposure of sensitive Terraform outputs in CI/CD pipelines?

You run Terraform in a CI/CD pipeline that outputs sensitive values. Which practice best prevents accidental exposure of these sensitive outputs?

AConfigure Terraform outputs as sensitive and avoid printing them in pipeline logs or environment variables.
BPrint all outputs in the pipeline logs but encrypt the logs after the run.
CDisable sensitive output marking and rely on pipeline access controls only.
DStore sensitive outputs in plain text files checked into the pipeline repository.
Attempts:
2 left
💡 Hint

Consider how outputs appear in logs and environment variables during pipeline runs.