HashiCorp Certified: Terraform Associate — Question 230

You want to use API tokens and other secrets within your team’s Terraform workspaces. Where does HashiCorp recommend you store these sensitive values? (Choose three.)

Answer options

• A. In a terraform.tfvars file, securely managed and shared with your team.
• B. In HashiCorp Vault.
• C. In a terraform.tfvars file, checked into your version control system.
• D. In a plaintext document on a shared drive.
• E. In an HCP Terraform/Terraform Cloud variable, with the sensitive option checked.

Correct answer: A, B, E

Explanation

The recommended practices for storing sensitive values involve using secure methods. HashiCorp Vault (B) offers robust secret management, while storing values in an HCP Terraform/Terraform Cloud variable with the sensitive option (E) ensures protection. Option A is acceptable if managed securely, but options C and D expose sensitive information and violate best practices.