HashiCorp Certified: Terraform Associate — Question 165

Which of the following is not considered a safe way to inject sensitive values into a Terraform Cloud workspace?

Answer options

• A. Edit the state file directly just before running terraform apply
• B. Set the variable value on the command line with the -var flag
• C. Write the value to a file and specify the file with the -var-file flag

Correct answer: A

Explanation

Editing the state file directly is risky because it can lead to inconsistencies and corruption of the state, making it unsafe. In contrast, using the -var flag and the -var-file flag are both accepted and secure methods for passing sensitive values to Terraform Cloud workspaces.