0
0
Terraformcloud~20 mins

Sensitive variable handling in Terraform - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Sensitive Variable Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Why mark a variable as sensitive in Terraform?
You have a Terraform variable that stores a database password. Why should you mark this variable as sensitive?
ATo prevent the password from being shown in Terraform plan and apply outputs.
BTo encrypt the password in the Terraform state file automatically.
CTo allow the password to be shared publicly without risk.
DTo make the password variable optional in the configuration.
Attempts:
2 left
💡 Hint
Think about what happens when Terraform shows outputs during deployment.
Configuration
intermediate
2:00remaining
Terraform variable declaration with sensitivity
Which Terraform variable declaration correctly marks the variable as sensitive?
A
variable "db_password" {
  type      = string
  secret    = true
}
B
variable "db_password" {
  type      = string
  sensitive = true
}
C
variable "db_password" {
  type      = string
  hidden    = true
}
D
variable "db_password" {
  type      = string
  secure    = true
}
Attempts:
2 left
💡 Hint
Check the exact attribute name Terraform uses for sensitive variables.
Architecture
advanced
2:00remaining
Best practice for storing sensitive variables in Terraform
You want to keep your sensitive variables secure and avoid committing them to version control. Which approach is best?
ACommit sensitive variables encrypted with base64 encoding to version control.
BHardcode sensitive variables directly in the main Terraform configuration files.
CStore sensitive variables in a separate file ignored by version control and load it with -var-file option.
DStore sensitive variables as plain text environment variables and reference them in Terraform.
Attempts:
2 left
💡 Hint
Think about how to keep secrets out of version control safely.
service_behavior
advanced
2:00remaining
Terraform output behavior with sensitive variables
You define an output in Terraform that references a sensitive variable. What will Terraform show when you run 'terraform output'?
ATerraform will hide the output value and show (sensitive) instead.
BTerraform will display the output value but mask half of the characters.
CTerraform will cause an error and refuse to show any output.
DTerraform will display the full sensitive value in plain text.
Attempts:
2 left
💡 Hint
Consider how Terraform protects sensitive outputs from accidental exposure.
security
expert
3:00remaining
Terraform state file and sensitive data exposure
Which statement about sensitive variables and the Terraform state file is true?
ATerraform automatically encrypts sensitive variables inside the state file by default.
BSensitive variables are never stored in the state file to protect secrets.
CTerraform stores sensitive variables in a separate encrypted state file automatically.
DSensitive variables are stored in plain text in the state file unless additional encryption is applied.
Attempts:
2 left
💡 Hint
Think about what Terraform does by default with state files and sensitive data.