The Big Idea
What if your cloud secrets were accidentally exposed to the whole world? Sensitive variables stop that from happening.
0
0
Why Sensitive variables in Terraform? - Purpose & Use Cases
The Scenario
Imagine you have to write down passwords and secret keys on sticky notes or in plain text files to share with your team.
Anyone who sees these notes can access your cloud resources, which is risky and scary.
The Problem
Manually handling secrets is slow and risky.
You might accidentally share passwords in emails or commit them to code repositories.
This can lead to security breaches and lost trust.
The Solution
Sensitive variables in Terraform keep secrets hidden automatically.
They prevent secrets from showing up in logs or outputs, protecting your important data.
Before vs After
✗ Before
variable "db_password" { default = "mysecret123" } output "password" { value = var.db_password }
✓ After
variable "db_password" { type = string sensitive = true } output "password" { value = var.db_password sensitive = true }
What It Enables
You can safely manage and share secrets without fear of accidental exposure.
Real Life Example
A team deploying a database can use sensitive variables to keep the database password hidden from logs and public views.
Key Takeaways
Manual secret handling risks leaks and mistakes.
Sensitive variables hide secrets automatically.
This keeps your cloud infrastructure safer and easier to manage.