HashiCorp Certified: Terraform Associate — Question 206

Which option can not keep secrets out of Terraform configuration files?

Answer options

• A. A shared credential file
• B. Mark the variable as sensitive
• C. Environment Variables
• D. A -var flag

Correct answer: B

Explanation

The correct answer is B because marking a variable as sensitive does not prevent the value from being displayed in the state file and logs, thus it does not effectively keep secrets out of the configuration. Options A, C, and D provide alternative methods for managing sensitive information without embedding it directly in the configuration files.