0
0
Terraformcloud~5 mins

Sensitive output values in Terraform - Cheat Sheet & Quick Revision

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Recall & Review
beginner
What does marking an output as sensitive in Terraform do?
It hides the output value from the CLI output and logs to protect sensitive information like passwords or keys.
Click to reveal answer
beginner
How do you declare a sensitive output in Terraform?
Use the sensitive = true argument inside the output block, for example:<br>
output "db_password" {
  value     = aws_db_instance.example.password
  sensitive = true
}
Click to reveal answer
beginner
Why should sensitive outputs not be printed in logs or shared publicly?
Because they may contain secrets like passwords or API keys that can compromise security if exposed.
Click to reveal answer
intermediate
Can sensitive outputs be accessed programmatically in Terraform?
Yes, sensitive outputs can be used by other Terraform configurations or modules but remain hidden in CLI output and logs.
Click to reveal answer
beginner
What happens if you do not mark a sensitive value as sensitive in Terraform outputs?
The value will be shown in the CLI output and stored in the state file in plain text, risking exposure of secrets.
Click to reveal answer
What keyword do you use to mark an output as sensitive in Terraform?
Aprivate = true
Bsensitive = true
Chidden = true
Dsecure = true
What is the main benefit of marking outputs as sensitive?
AThey are hidden from CLI output and logs
BThey are encrypted in the state file
CThey run faster
DThey can be shared publicly
If an output is sensitive, can other Terraform modules still use its value?
ANo, sensitive outputs are blocked
BOnly if you decrypt it manually
COnly in the same module
DYes, but the value is hidden in CLI output
What risk do you take if you do NOT mark a secret output as sensitive?
AThe secret will be exposed in CLI output and state files
BTerraform will fail to apply
CThe output will be encrypted automatically
DThere is no risk
Which of these is NOT a recommended practice for sensitive outputs?
AMark outputs as sensitive
BAvoid printing secrets in logs
CStore secrets in plain text outputs
DUse outputs carefully in automation
Explain how to protect sensitive information in Terraform outputs and why it matters.
Think about what happens if secrets are shown in logs or terminal.
You got /4 concepts.
    Describe the behavior of sensitive outputs in Terraform when accessed by other modules or automation.
    Consider how Terraform shares outputs internally vs. what it shows to users.
    You got /4 concepts.