0
0
Terraformcloud~5 mins

Sensitive variable handling in Terraform - Cheat Sheet & Quick Revision

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Recall & Review
beginner
What is a sensitive variable in Terraform?
A sensitive variable is a variable that contains confidential information, such as passwords or API keys, which Terraform hides in its output to protect the data.
Click to reveal answer
beginner
How do you declare a sensitive variable in Terraform?
You declare a sensitive variable by adding the attribute sensitive = true in the variable block.
Click to reveal answer
intermediate
Why should you mark variables as sensitive in Terraform?
Marking variables as sensitive prevents Terraform from showing their values in logs and plan output, reducing the risk of exposing secrets. However, sensitive values are still stored in the state file in plain text.
Click to reveal answer
intermediate
Can sensitive variables be used in Terraform outputs?
Yes, but you must mark the output as sensitive too. Otherwise, Terraform will warn you and may expose the value.
Click to reveal answer
beginner
What happens if you do not mark a secret as sensitive in Terraform?
The secret may appear in Terraform plan, apply logs, or state files, risking accidental exposure to anyone with access to those files.
Click to reveal answer
How do you mark a variable as sensitive in Terraform?
AAdd <code>sensitive = true</code> in the variable block
BPrefix the variable name with 'secret_'
CUse <code>private = true</code> in the variable block
DEncrypt the variable value manually
What does Terraform do with sensitive variables during plan and apply?
AHides their values in output and logs
BPrints their values in plain text
CDeletes the variables after use
DSaves them in a separate file
If you output a sensitive variable without marking the output as sensitive, what happens?
ATerraform automatically hides the output
BTerraform warns and may expose the value
CTerraform blocks the deployment
DTerraform encrypts the output
Why is it important to mark variables as sensitive?
ATo enable variable reuse
BTo speed up Terraform runs
CTo reduce variable size
DTo prevent accidental exposure of secrets in logs and state files
Which of the following is NOT a best practice for handling sensitive variables in Terraform?
AMark variables as sensitive
BUse environment variables or secret managers
CStore secrets in version control in plain text
DMark outputs as sensitive when they expose secrets
Explain how to declare and use sensitive variables in Terraform and why it matters.
Think about how Terraform treats secrets differently to keep them safe.
You got /4 concepts.
    Describe the risks of not marking sensitive variables properly in Terraform.
    Consider what happens if anyone can see your Terraform logs or state files.
    You got /4 concepts.