HashiCorp Certified: Terraform Associate — Question 143

Which of these are secure options for storing secrets for connecting to a Terraform remote backend? (Choose two.)

Answer options

• A. Inside the backend block within the Terraform configuration
• B. Defined in Environment variables
• C. Defined in a connection configuration outside of Terraform
• D. A variable file

Correct answer: B, C

Explanation

Options B and C are secure because they keep sensitive information outside of the Terraform configuration, reducing the risk of accidental exposure. Option A is insecure as it includes secrets directly in the configuration, and Option D is not recommended for storing secrets as variable files can be easily exposed if not handled properly.